Introduction
AWS Single Sign-On is a cloud-based single sign-on (SSO) service that makes it much easier to manage SSO access to all your AWS accounts and cloud applications. Specifically, it helps you manage SSO access and other user permissions across all of your AWS accounts in AWS Organizations. It also lets you control access and permissions to commonly used third-party software-as-a-service (SaaS) applications, AWS SSO integrated applications, and custom applications that support Security Assertion Markup Language (SAML) 2.0. AWS Single Sign-On also includes a user portal where end users can find and access all of their assigned AWS accounts, cloud applications, and custom applications in one place.
Features with AWS SSO
AWS SSO provides the following features:
SSO access to your AWS accounts and cloud applications
You can manage SSO across all your AWS accounts, cloud applications, AWS SSO integrated applications, and custom SAML 2.0-based applications without custom scripts or third-party Single Sign-On solutions. In the AWS SSO console, you can quickly assign which users should have one-click access to the applications that have been authorized for their personalized end-user portal.
Integration with AWS Organizations
Unlike other cloud-native SSO solutions, AWS Single Sign-On is deeply integrated with AWS Organizations and AWS API operations. AWS SSO natively integrates with AWS Organizations and enumerates all of your AWS accounts. If you have organized your accounts under organizational units (OUs), you will see them displayed in a similar way within the AWS SSO console.
Manage users and groups in AWS SSO
AWS SSO creates a default store for you. You can use this store to manage users and groups directly in the console. If you prefer, you can instead connect to an existing AWS Managed Microsoft AD directory and manage the users with the standard Active Directory management tools provided in Windows Server. You can also provision users and groups from an external identity provider into AWS SSO and then manage their access permissions in AWS Single Sign-On.
Leverage your existing corporate identities
AWS Single Sign-On is also deeply integrated with Microsoft AD through the AWS Directory Service. Your employees can sign in to your AWS SSO user portal using their corporate Active Directory credentials. Users added to the DevOps group are also automatically granted SSO access to these AWS accounts.
Easy to set up and monitor
AWS SSO lets you enable a highly available SSO service with just a few clicks, with no additional infrastructure to deploy and no AWS account to set up. It is a highly available and completely secure infrastructure that scales to your needs and does not require software or hardware to manage.