Step-by-Step Instructions on How to Integrate AWS SSO with Azure AD (Active Directory)
8. Download and Save Federated Metadata XML file for AWS SSO
9. On the AWS side, go to AWS SSO in the Master Account if you are using AWS Organizations, and select any Region where AWS SSO is available; the settings are global for the AWS account anyway
15. Upload SAML Metadata file from Azure AD and click Review
17. On the Settings screen, click Enable automatic provisioning
18. Copy your SCIM endpoint and Access token; you will need this information for Azure AD
19. On the Azure side, under Azure Active Directory > Enterprise application > AWS-SSO > Single sign-on > SAML, click Upload metadata file
20. Select the Metadata file from AWS SSO, click Add and then Save.
21. After that you can skip Test single sign-on by clicking No, I’ll test later
22. Now, on the Azure side, in the AWS-SSO application, click Provisioning and then Get started
25. After you have saved the Admin Credentials, under Mapping choose Provision Azure Active Directory Users to customappsso
a. Click on mailNickname, change the Source attribute from mailNickname to objectId, and click OK
b. Delete irrelevant fields (fields that are not used in AWS) from the Mapping; in the end you should have a mapping like this
27. The last step is to add the Users/Groups from Azure AD who need access to AWS to this Azure Enterprise application
28. On the Azure side, in the AWS-SSO application, click Users and groups
29. Click Users and groups (Not Selected); a list will appear
30. From the list, select the Groups/Users who will get access to AWS, then click Select and Assign.
31. User and Group provisioning to AWS will now start at the defined interval (~40 minutes); you can start it immediately by going to Provisioning and clicking Start provisioning
32. If you did everything correctly, you will see the number of Groups and Users provisioned
33. On the AWS SSO side, refresh the browser and you should see the same Groups and Users provisioned in AWS SSO
a. Groups
b. Users
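
Before uploading either metadata file (steps 8, 15 and 19-20), it helps to confirm which side each file describes, that its endpoints use HTTPS, and what the signing certificate fingerprint is. The sketch below is an added example, not part of the original instructions; the function name `inspect_metadata`, the `example.test` URLs and the sample XML are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# role -> (role descriptor element, endpoint element that must be present)
ROLES = {"idp": ("IDPSSODescriptor", "SingleSignOnService"),
         "sp": ("SPSSODescriptor", "AssertionConsumerService")}

def inspect_metadata(xml_text, expected_role):
    """Return (summary, problems) for one SAML 2.0 metadata document."""
    root = ET.fromstring(xml_text)
    desc_tag, ep_tag = ROLES[expected_role]
    desc = root.find(f"md:{desc_tag}", NS)
    if desc is None:  # typical cause: the two downloaded files were swapped
        return {}, [f"no {desc_tag} element: is this the {expected_role} file?"]
    endpoints = [e.get("Location", "") for e in desc.findall(f"md:{ep_tag}", NS)]
    problems = [] if endpoints else [f"no {ep_tag} endpoint"]
    problems += [f"non-HTTPS endpoint: {u}" for u in endpoints
                 if not u.startswith("https://")]
    prints = []
    for kd in desc.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no "use" means any purpose
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((c.text or "").split()))
            prints.append(hashlib.sha256(der).hexdigest())  # SHA-256 of DER bytes
    if expected_role == "idp" and not prints:
        problems.append("IdP metadata has no signing certificate")
    return ({"entityID": root.get("entityID"), "endpoints": endpoints,
             "signing_sha256": prints}, problems)

# Constructed sample documents (not real tenant data, not a real certificate).
CERT_B64 = base64.b64encode(b"constructed bytes, not a real certificate").decode()
IDP_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{CERT_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""
SP_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test/">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/acs"/>
 </SPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    for name, xml, role in [("Azure AD file", IDP_XML, "idp"), ("AWS SSO file", SP_XML, "sp")]:
        print(name, *inspect_metadata(xml, role))
```

For real files, pass the file's bytes (`open(path, "rb").read()`) with `"idp"` for the file downloaded from Azure AD and `"sp"` for the one downloaded from AWS SSO.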