© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Single Sign-On (SSO)
Anand Murugesan, Sr. Product Manager
2/1/2017
Agenda
• Challenges in managing cloud services access
• Introducing AWS SSO
• Pricing and availability
• Demonstration
• Q&A
How customers manage access to AWS accounts
• Permissions defined as policies
• Attached to roles, users, and groups
• Create AWS IAM users and assign permissions
[Diagram: employees sign in as IAM users in one AWS account; permissions grant access to Amazon S3 buckets, AWS Lambda functions, Amazon EC2 instances, and Amazon RDS database instances]
Connect corporate directory
Use it to control access to AWS resources through your existing corporate Active Directory
[Diagram: on-premises users and groups in Microsoft Active Directory in the corporate data center, connected to an AWS account whose permissions cover S3 buckets, Lambda functions, EC2 instances, and RDS database instances]
Business scaling up
Growing business
• Demand for AWS resources
• Different departments
• Different purposes for the same teams
• Multiple AWS accounts provide security isolation
[Diagram: one business, multiple AWS accounts]
Cloud applications for business agility
[Diagram: on-premises users need SSO access both to multiple AWS accounts and to business cloud applications]
Challenges
Managing access to multiple AWS accounts and business applications is expensive, hard, and time-consuming.
• Managing multiple AWS accounts requires effort
• Hard to set up, operate, and use
• Numerous credentials
• No centralized security controls
• Access to business applications takes time and effort, and is expensive
Challenges – Managing multiple AWS accounts
Managing multiple AWS accounts requires effort
• Maintain a list of AWS accounts
• General-purpose SSO solutions treat AWS accounts as separate applications and don’t integrate deeply
• SSO setup: cut-and-paste configuration across consoles
• New account? Repeat the setup process. The business can’t scale quickly
• Set up roles in each account and keep the roles updated
• Manage user access to accounts
Challenges – Credentials and security control
Numerous credentials; no centralized security controls
• Different password policies for different accounts and cloud applications
• Numerous passwords: password fatigue leads to weak passwords and to passwords written down in cleartext
• Access changes need to be performed manually in each cloud service
• Removing access to cloud services is a manual process
• Exposes critical business data to unauthorized access
Challenges – Access to business applications
Access to business applications takes time and effort, and is expensive
• Setting up SSO and troubleshooting each application typically took days
• In some cases, this setup could take weeks because it required communicating back and forth with application vendors
• Vendor changes to the application configuration result in unexpected loss of access and require configuration changes and troubleshooting again
• Requires you to understand the nuances of SAML integration
Challenges – Hard to set up and manage
Hard to set up, operate, and use
• Prepackaged SSO software requires you to procure hardware and install the OS and patches
• Involves SSO software installation and ongoing patching and upgrades
• High availability and security require expertise and time
• Upfront investment and ongoing maintenance costs
• Visibility into access requires manual reconciliation of data across multiple accounts, applications, and the corporate directory
• Hard for administrators and users to keep track of application access details
Challenges - Summary
Managing access to multiple AWS accounts and business applications is expensive, hard, and time-consuming (the five challenges above).
Introducing AWS SSO
Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications.
• Centrally manage access to multiple AWS accounts
• Easy to enable and use
• Use your existing corporate identities
• SSO access to business applications
AWS Organizations – Account management
• Allows you to organize AWS accounts
• Controls access to AWS services
• Apply service control policies
[Diagram: a Root with Development, Test, and Production OUs, accounts A1 to A9 distributed among them, with service control policies applied to the OUs]
Central access to AWS accounts
Centrally manage access to multiple AWS accounts
• Lists the AWS accounts managed in AWS Organizations
• Works with all AWS accounts and integrates deeply
• SSO setup to AWS accounts is automatic
• New accounts are set up automatically
• Provisions permissions into all AWS accounts
• Manage access to all accounts from a central place
AWS SSO - Central access to AWS accounts
• Connects to AWS Organizations and lists your AWS accounts
• Allows filtering accounts by OU
• Automatic SSO setup to AWS accounts
• Centralized management of account permission sets
• Define, apply, and reapply permission sets to all AWS accounts
[Diagram: AWS SSO manages permissions to the AWS accounts in AWS Organizations (OU = Development, OU = Production) and gives users SSO access to the AWS consoles]
Single password to access cloud services
Use your existing corporate identities
• A single corporate password works for cloud services
• Stronger passwords improve the security of cloud services
• Access to cloud services changes as group membership changes in on-premises Active Directory
• Immediate revocation of access for departing employees
• Protects critical business data from unauthorized access
AWS SSO – Connect your existing Active Directory
[Diagram: on-premises users and groups in Microsoft Active Directory in the corporate data center connect to AWS SSO through AD Connector or an AD trust; AWS SSO manages permissions to the AWS accounts in AWS Organizations (OU = Development, OU = Production) and gives SSO access to the AWS consoles]
Corporate Active Directory connection options
1. Corporate directory hosted in AWS Managed Microsoft AD (Standard or Enterprise Edition)
2. On-premises AD reached through AD Connector, which uses a service account in the on-premises directory
3. On-premises AD connected to a directory in AWS by a 1-way or 2-way AD trust
AWS SSO – Extends your existing business processes
Map on-premises AD groups to accounts and applications
[Diagram: a user in a group in on-premises Active Directory (corporate data center) is mapped to AWS accounts managed in AWS Organizations (OU = Development, OU = Production) and gets SSO access to the AWS consoles]
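The access model of this slide and of the AWS SSO account-access slides above (permission sets applied across the accounts in AWS Organizations, with directory group membership deciding who receives them), as an added example that is not part of the AWS deck. Account IDs, OU names, group names and users are constructed sample data, and selecting target accounts by OU is an assumption of this model rather than a description of the AWS SSO feature set.

```python
# Added example, not code from the AWS deck: a small model of how access
# derives from AWS Organizations accounts, permission sets and directory group
# assignments. Account IDs, OU names, groups and users are constructed sample
# data; selecting target accounts by OU is an assumption of this model.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Account:
    account_id: str
    name: str
    ou: str  # organizational unit the account sits in


@dataclass(frozen=True)
class Assignment:
    group: str           # directory group, e.g. an on-premises AD group
    permission_set: str  # permission set applied in each target account
    ou: str              # every account in this OU is a target (assumption)


@dataclass
class Directory:
    # group name -> set of user principal names, mirroring AD membership
    members: dict = field(default_factory=dict)

    def groups_of(self, user):
        return {g for g, users in self.members.items() if user in users}

    def offboard(self, user):
        """Remove a user from every group; this alone revokes their access."""
        for users in self.members.values():
            users.discard(user)


def required_access(accounts, assignments):
    """All (account_id, permission_set, group) triples the assignments imply."""
    return {(acct.account_id, a.permission_set, a.group)
            for a in assignments for acct in accounts if acct.ou == a.ou}


def effective_access(user, directory, accounts, assignments):
    """(account_id, permission_set) pairs the user can reach right now.
    Computed from current group membership, so no per-account change is
    needed when a user joins or leaves a group."""
    groups = directory.groups_of(user)
    return {(acct, ps) for acct, ps, grp in required_access(accounts, assignments)
            if grp in groups}


def provisioning_drift(accounts, assignments, provisioned):
    """(account_id, permission_set) pairs required but not yet provisioned,
    e.g. an account created in an OU after the permission set was applied."""
    required = {(acct, ps) for acct, ps, _ in required_access(accounts, assignments)}
    return required - set(provisioned)


# constructed sample data
ACCOUNTS = [
    Account("111111111111", "dev-web", "Development"),
    Account("222222222222", "dev-data", "Development"),
    Account("333333333333", "prod-web", "Production"),
]
ASSIGNMENTS = [
    Assignment("AWS-Developers", "Developer", "Development"),
    Assignment("AWS-Developers", "ReadOnly", "Production"),
    Assignment("AWS-Auditors", "ReadOnly", "Production"),
]


def sample_directory():
    return Directory({
        "AWS-Developers": {"alice@example.com", "bob@example.com"},
        "AWS-Auditors": {"carol@example.com"},
    })


if __name__ == "__main__":
    d = sample_directory()
    print("alice:", sorted(effective_access("alice@example.com", d, ACCOUNTS, ASSIGNMENTS)))
    d.offboard("bob@example.com")
    print("bob after offboarding:", effective_access("bob@example.com", d, ACCOUNTS, ASSIGNMENTS))
    print("drift:", provisioning_drift(ACCOUNTS, ASSIGNMENTS,
                                       {("111111111111", "Developer"), ("333333333333", "ReadOnly")}))
```

The point of the model is that the directory is the only place where a person's access is decided: offboarding is a group-membership change, not a per-account clean-up, and the drift check shows the other half of the slide's "reapply" claim, which is that a new account in an OU needs the permission set provisioned before the assignment means anything.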
Access to business applications
SSO access to business applications
• Preintegrated with commonly used cloud applications
• Set up using simple step-by-step instructions
• Vendor changes to the application configuration are handled by AWS
• Nuances of SAML integration simplified
• Configure any SAML 2.0 application using the application configuration wizard
AWS SSO – Application configuration wizard
1. Pick a preintegrated application
2. Follow step-by-step customized instructions for each application
3. Configure SSO
4. Assign access
Supports SAML 2.0 for custom applications
Supports Security Assertion Markup Language 2.0
• Configure applications not in the preintegrated list
• Internal applications built by you
• Internal applications supplied by partners
• Seamless access to applications during migration to the AWS Cloud
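What the "nuances of SAML integration" amount to on the application side, as an added example that is not from the AWS deck or from AWS SSO: the conditions a service provider must check on an incoming SAML 2.0 Response once its XML signature has been verified. Entity IDs, the ACS URL and the Response itself are constructed; signature verification is assumed to have happened already (for instance in a SAML library) and is not shown.

```python
# Added example, not code from the AWS deck or from AWS SSO: the checks a
# service provider (SP) makes on a SAML 2.0 Response AFTER verifying its XML
# signature (assumed done already, e.g. by a SAML library; not shown here).
# Entity IDs, URLs and the sample Response are constructed. For untrusted XML
# in production, parse with defusedxml instead of the stdlib parser.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


class SamlValidationError(Exception):
    pass


def parse_saml_time(value):
    """SAML timestamps are UTC xsd:dateTime, usually with a trailing Z."""
    value = value.strip()
    return datetime.fromisoformat(value[:-1] + "+00:00" if value.endswith("Z") else value)


def expired(not_on_or_after, now, skew):
    return bool(not_on_or_after) and now >= parse_saml_time(not_on_or_after) + skew


def validate_response(xml_text, *, idp_entity_id, sp_entity_id, acs_url, now,
                      request_id=None, skew=timedelta(minutes=2)):
    """Return the NameID and attributes when every condition holds, else raise."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise SamlValidationError("status is not Success")
    if root.get("Destination") not in (None, acs_url):  # optional, but must be ours if present
        raise SamlValidationError("Destination is not this SP's ACS URL")
    if request_id and root.get("InResponseTo") != request_id:
        raise SamlValidationError("InResponseTo does not match our AuthnRequest")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # zero, several, or only an EncryptedAssertion: reject
        raise SamlValidationError("expected exactly one plain Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != idp_entity_id:
        raise SamlValidationError("assertion issued by an unexpected IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("assertion has no Conditions")
    if cond.get("NotBefore") and now < parse_saml_time(cond.get("NotBefore")) - skew:
        raise SamlValidationError("assertion not yet valid")
    if expired(cond.get("NotOnOrAfter"), now, skew):
        raise SamlValidationError("assertion expired")
    audiences = {e.text.strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if e.text}
    if sp_entity_id not in audiences:  # an assertion minted for another SP must not log anyone in here
        raise SamlValidationError("audience restriction does not name this SP")
    subject = a.find("saml:Subject", NS)
    if subject is None:
        raise SamlValidationError("assertion has no Subject")
    confirmed = False
    for sc in subject.findall("saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if (sc.get("Method") == BEARER and data is not None
                and data.get("Recipient") == acs_url
                and (not request_id or data.get("InResponseTo") == request_id)
                and not expired(data.get("NotOnOrAfter"), now, skew)):
            confirmed = True
    if not confirmed:
        raise SamlValidationError("no acceptable bearer SubjectConfirmation")
    attributes = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
                  for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": subject.findtext("saml:NameID", namespaces=NS), "attributes": attributes}


def validation_error(xml_text, **kwargs):
    """The failure reason, or None when the Response is acceptable."""
    try:
        validate_response(xml_text, **kwargs)
        return None
    except SamlValidationError as e:
        return str(e)


SP = dict(idp_entity_id="https://idp.example.com/saml",  # constructed SP configuration
          sp_entity_id="https://app.example.com", acs_url="https://app.example.com/saml/acs")
SAMPLE_NOW = datetime(2017, 2, 1, 10, 1, tzinfo=timezone.utc)  # when the sample was received
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2017-02-01T10:00:00Z"
 Destination="https://app.example.com/saml/acs" InResponseTo="_req42">
 <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2017-02-01T10:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData InResponseTo="_req42" Recipient="https://app.example.com/saml/acs"
     NotOnOrAfter="2017-02-01T10:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2017-02-01T09:59:00Z" NotOnOrAfter="2017-02-01T10:05:00Z"><saml:AudienceRestriction>
   <saml:Audience>https://app.example.com</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="groups">
   <saml:AttributeValue>AWS-Developers</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
```

Each check closes a distinct door: the audience check stops an assertion issued for another application from being replayed against this one, the Recipient and InResponseTo checks tie the assertion to this ACS endpoint and to a request this SP actually made, and the time window bounds how long a captured assertion stays usable. Every one of these is useless until the signature has been verified first, which is why the example states that as a precondition rather than a step.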
Easy to enable and use
• No software or hardware needed
• AWS managed service
• No upfront investment or ongoing maintenance costs
• Highly available service
• Better visibility into access to cloud services using centralized auditing
• Application access is instantaneous
• Users can access cloud services from a central user portal
Central place to access
• One place to find all: AWS consoles, business applications, custom internal applications
• Easily search and find applications
• No need to distribute or remember URLs or roles
• A single set of corporate credentials gives access to cloud services
Centralized auditing
• Audit all SSO access in AWS CloudTrail
• Increased visibility into users’ SSO access to AWS accounts and cloud applications
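Turning that CloudTrail audit trail into something a security operations team can act on, as an added example that is not from the AWS deck: triage of SSO sign-in and federation records. The records are constructed, and the event names, the userIdentity.userName field and the requestParameters layout are assumptions of this example; the record shape your trail actually emits should be checked against the CloudTrail documentation before the rules are used.

```python
# Added example, not code from the AWS deck: triage of SSO sign-in and
# federation events from a CloudTrail export. The records below are
# constructed, and the event names ("Authenticate", "Federate"), the
# "userIdentity.userName" field and the requestParameters layout are
# assumptions of this example; check the record shape your trail emits.
import ipaddress
import json

CORP_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed corporate egress range
PRODUCTION_ACCOUNTS = {"333333333333"}                     # constructed
ADMIN_PERMISSION_SETS = {"AdministratorAccess"}
OFFBOARDED_USERS = {"bob@example.com"}                     # e.g. fed from HR or the directory

SAMPLE_TRAIL = """
{"eventTime":"2017-02-01T10:01:00Z","eventSource":"sso.amazonaws.com","eventName":"Authenticate","sourceIPAddress":"203.0.113.10","userIdentity":{"userName":"alice@example.com"}}
{"eventTime":"2017-02-01T10:02:00Z","eventSource":"sso.amazonaws.com","eventName":"Federate","sourceIPAddress":"203.0.113.10","userIdentity":{"userName":"alice@example.com"},"requestParameters":{"accountId":"333333333333","permissionSet":"AdministratorAccess"}}
{"eventTime":"2017-02-01T10:03:00Z","eventSource":"sso.amazonaws.com","eventName":"Authenticate","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"bob@example.com"}}
{"eventTime":"2017-02-01T10:04:00Z","eventSource":"sso.amazonaws.com","eventName":"Federate","sourceIPAddress":"203.0.113.22","userIdentity":{"userName":"carol@example.com"},"requestParameters":{"accountId":"111111111111","permissionSet":"ReadOnly"}}
{"eventTime":"2017-02-01T10:05:00Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","sourceIPAddress":"198.51.100.7","userIdentity":{"userName":"bob@example.com"}}
"""


def parse_trail(text):
    """One JSON record per line (constructed export format)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def from_corp_network(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # CloudTrail may carry a service DNS name here
        return False
    return any(addr in net for net in CORP_NETWORKS)


def triage(events):
    """Return (severity, user, reason) findings for AWS SSO events only."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "sso.amazonaws.com":
            continue
        user = ev.get("userIdentity", {}).get("userName", "<unknown>")
        name, ip = ev.get("eventName"), ev.get("sourceIPAddress", "")
        if user in OFFBOARDED_USERS:
            findings.append(("high", user, "%s by offboarded user" % name))
        if not from_corp_network(ip):
            findings.append(("medium", user, "%s from non-corporate address %s" % (name, ip)))
        if name == "Federate":
            params = ev.get("requestParameters", {})
            if (params.get("accountId") in PRODUCTION_ACCOUNTS
                    and params.get("permissionSet") in ADMIN_PERMISSION_SETS):
                findings.append(("high", user,
                                 "admin federation into production account %s" % params["accountId"]))
    return findings


def federations_by_user(events):
    """user -> sorted (accountId, permissionSet) pairs seen; the per-user view an access review wants."""
    seen = {}
    for ev in events:
        if ev.get("eventSource") == "sso.amazonaws.com" and ev.get("eventName") == "Federate":
            p = ev.get("requestParameters", {})
            seen.setdefault(ev["userIdentity"]["userName"], set()).add((p.get("accountId"), p.get("permissionSet")))
    return {u: sorted(s) for u, s in seen.items()}


if __name__ == "__main__":
    events = parse_trail(SAMPLE_TRAIL)
    for finding in triage(events):
        print(*finding)
    print(federations_by_user(events))
```

The "offboarded user still signing in" rule is the one worth keeping even if the others are dropped: it is the direct test of the revocation claim on the "Single password" slide, and it only works if the offboarding feed and the trail are joined somewhere outside the accounts themselves.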
Pricing and availability
• Included with your AWS accounts at no additional charge
• Public Preview in the US East (N. Virginia) Region
Demonstration
Questions?

Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Deep Dive on AWS Single Sign-On - AWS Online Tech Talks

  • 7. Challenges
    Managing access to multiple AWS accounts and business applications is expensive, hard, and time-consuming.
    • Managing multiple AWS accounts requires effort
    • Hard to set up, operate, and use
    • Numerous credentials
    • No centralized security controls
    • Access to business applications takes time and effort, and is expensive
  • 8. Challenges – Managing multiple AWS accounts
    Managing multiple AWS accounts requires effort
    • Maintain a list of AWS accounts
    • General-purpose SSO solutions treat AWS accounts as separate applications and don’t integrate deeply
    • SSO setup – cut-and-paste configuration across consoles
    • New account? Repeat the setup process. Can’t scale business quickly
    • Set up roles in each account. Keep the roles updated
    • Managing user access to accounts
  • 9. Challenges – Credentials and security control
    Numerous credentials; no centralized security controls
    • Different password policies for different accounts and cloud applications
    • Numerous passwords – password fatigue leads to weak passwords and to passwords written down in cleartext
    • Access changes need to be performed in cloud services manually
    • Removing access to cloud services is a manual process
    • Exposes critical business data to unauthorized access
  • 10. Challenges – Access to business applications
    Access to business applications takes time and effort, and is expensive
    • Setting up SSO and troubleshooting each application typically took days
    • In some cases, this setup could take weeks because it required you to communicate back and forth with application vendors
    • Vendor changes to the application configuration result in unexpected loss of access and require configuration changes and troubleshooting again
    • Requires you to understand the nuances of SAML integration
  • 11. Challenges – Hard to set up and manage
    Hard to set up, operate, and use
    • Prepackaged SSO software requires you to procure hardware and install the OS and patches
    • Involves SSO software installation and ongoing patching and upgrades
    • High availability and security require expertise and time
    • Upfront investment and ongoing maintenance costs
    • Visibility into access requires manual reconciliation of data across multiple accounts, applications, and the corporate directory
    • Hard for administrators and users to keep track of application access details
  • 12. Challenges – Summary
    Managing access to multiple AWS accounts and business applications is expensive, hard, and time-consuming.
    • Managing multiple AWS accounts requires effort
    • Hard to set up, operate, and use
    • Numerous credentials
    • No centralized security controls
    • Access to business applications takes time and effort and is expensive
  • 13. Introducing AWS SSO
    Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications.
    • Centrally manage access to multiple AWS accounts
    • Easy to enable and use
    • Use your existing corporate identities
    • SSO access to business applications
  • 14. AWS Organizations – Account management
    [Diagram: accounts A1–A9 arranged under the Root in organizational units (OUs) for Development, Test, and Production]
    • Allows you to organize AWS accounts
    • Controls access to AWS services
    • Apply service control policies
  • 15. Central access to AWS accounts
    Centrally manage access to multiple AWS accounts
    • Lists AWS accounts managed in AWS Organizations
    • Works with all AWS accounts and integrates deeply
    • SSO setup to AWS accounts is automatic
    • New accounts are set up automatically
    • Provisions permissions into all AWS accounts
    • Manage access to all accounts from a central place
  • 16. AWS SSO – Central access to AWS accounts
    Centrally manage access to multiple AWS accounts
    [Diagram: AWS SSO manages permissions to the AWS accounts managed in AWS Organizations (OU = Development, OU = Production) and gives users SSO access to the AWS consoles]
  • 17. AWS SSO – Central access to AWS accounts
    • Connects to AWS Organizations and lists your AWS accounts
    • Allows filtering accounts by OU
    • Automatic SSO setup to AWS accounts
    • Centralized management of account permission sets
    • Define, apply, and reapply permission sets to all AWS accounts
    [Diagram: as on slide 16 – AWS SSO manages permissions to accounts in AWS Organizations (OU = Development, OU = Production) and provides SSO access to the AWS consoles]
  • 18. Single password to access cloud services
    Use your existing corporate identities
    • A single corporate password works for cloud services
    • Stronger passwords improve the security of cloud services
    • Access to cloud services changes as group membership changes in on-premises Active Directory
    • Immediate revocation of access for leaving employees
    • Protects critical business data from unauthorized access
  • 19. AWS SSO – Connect your existing Active Directory
    [Diagram: on-premises Microsoft Active Directory (users and groups) in the corporate data center connected to AWS SSO through AD Connector or AD Trust; AWS SSO manages permissions to the AWS accounts in AWS Organizations (OU = Development, OU = Production) and provides SSO access to the AWS consoles]
  • 20. Corporate Active Directory connection options
    [Diagram: three ways to connect the corporate Active Directory]
    1. AWS Managed AD (SE/EE)
    2. AD Connector – on-premises AD, connected through a service account
    3. AD Trust – on-premises AD, 1-way or 2-way trust
  • 21. AWS SSO – Extends your existing business processes
    [Diagram: users and groups in on-premises Active Directory (corporate data center) mapped to AWS accounts managed in AWS Organizations (OU = Development, OU = Production) and to the AWS consoles]
    Map on-premises AD groups to accounts and applications
  • 22. Access to business applications
    SSO access to business applications
    • Preintegrated with commonly used cloud applications
    • Set up using simple step-by-step instructions
    • Vendor changes to the application configuration are taken care of by AWS
    • Nuances of SAML integration simplified
    • Configure any SAML 2.0 application using the application configuration wizard
  • 23. AWS SSO – Application configuration wizard
    [Diagram: wizard steps]
    1. Pick a preintegrated application
    2. Follow step-by-step customized instructions for each application
    3. Configure SSO
    4. Assign access
  • 24. Supports SAML 2.0 for custom applications
    Supports Security Assertion Markup Language (SAML) 2.0
    • Configure applications not in the preintegrated list
    • Internal applications built by you
    • Internal applications supplied by partners
    • Seamless access to applications during migration to the AWS Cloud
  • 25. Easy to enable and use
    • No software or hardware needed
    • AWS managed service
    • No upfront investment or ongoing maintenance costs
    • Highly available service
    • Better visibility into access to cloud services using centralized auditing
    • Application access is instantaneous
    • Users can access cloud services from a central user portal
  • 26. Central place to access
    • One place to find all:
      • AWS consoles
      • Business applications
      • Custom internal applications
    • Easily search and find applications
    • No need to distribute or remember URLs or roles
    • Single corporate credentials give access to cloud services
  • 27. Centralized auditing
    • Audit all SSO access in AWS CloudTrail
    • Increased visibility into users’ SSO access to AWS accounts and cloud applications
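The following is an added example, not code from the AWS deck or from the AWS SSO service. It models two ideas from the slides in plain Python: AD groups mapped to permission sets across accounts (slides 17, 18 and 21, including access disappearing when a user leaves a group) and reconciling CloudTrail records of SSO access against those assignments (slide 27). Group names, account ids, permission-set names and the event records are constructed sample data; eventSource, eventName and userIdentity are real CloudTrail top-level fields, but the contents of requestParameters here are an assumption, not the real shape of an SSO event.

```python
# Added example (not from the AWS deck or the AWS SSO service): model
# "AD group -> permission set in account" assignments and reconcile
# CloudTrail-style SSO access records against them. All data is constructed.
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Assignment:
    group: str           # on-premises AD group (constructed name)
    account_id: str      # AWS account id (constructed sample value)
    permission_set: str  # permission set name (constructed)


# Constructed accounts; one permission set is applied to several accounts,
# as the deck puts it: "apply and reapply permission sets to all AWS accounts".
ACCOUNTS_DEV = ("111111111111", "222222222222")
ACCOUNTS_PROD = ("333333333333",)

ASSIGNMENTS = frozenset(
    [Assignment("dev-team", a, "Developer") for a in ACCOUNTS_DEV]
    + [Assignment("sre", a, "AdministratorAccess") for a in ACCOUNTS_DEV + ACCOUNTS_PROD]
    + [Assignment("auditors", a, "ReadOnly") for a in ACCOUNTS_DEV + ACCOUNTS_PROD]
)

# Constructed stand-in for the corporate directory: user -> AD groups.
DIRECTORY = {
    "alice": {"dev-team"},
    "bob": {"sre"},
    "carol": {"auditors"},
}


def effective_access(directory, assignments, user):
    """Set of (account_id, permission_set) a user reaches through group membership."""
    groups = directory.get(user, set())
    return {(a.account_id, a.permission_set) for a in assignments if a.group in groups}


def revoke_group(directory, user, group):
    """Return a copy of the directory with the user removed from one group.
    Every access that only that group granted disappears from effective_access,
    which is the deck's "access changes as group membership changes" point."""
    updated = {u: set(g) for u, g in directory.items()}
    updated.get(user, set()).discard(group)
    return updated


# Constructed CloudTrail-style records (one JSON document per line). The
# requestParameters layout is an assumption made for this example.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"eventSource": "sso.amazonaws.com", "eventName": "Federate",
     "userIdentity": {"userName": "alice"},
     "requestParameters": {"accountId": "111111111111", "permissionSet": "Developer"}},
    {"eventSource": "sso.amazonaws.com", "eventName": "Federate",
     "userIdentity": {"userName": "alice"},
     "requestParameters": {"accountId": "333333333333", "permissionSet": "Developer"}},
    {"eventSource": "sso.amazonaws.com", "eventName": "Federate",
     "userIdentity": {"userName": "bob"},
     "requestParameters": {"accountId": "333333333333", "permissionSet": "AdministratorAccess"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"userName": "bob"}, "requestParameters": {}},
]]


def reconcile(events, directory, assignments):
    """Return (user, account_id, permission_set) for every SSO federation
    record that the current group-to-permission-set assignments do not explain.
    Non-SSO records are ignored; anything else is worth an analyst's look."""
    findings = []
    for raw in events:
        ev = json.loads(raw)
        if ev.get("eventSource") != "sso.amazonaws.com" or ev.get("eventName") != "Federate":
            continue
        user = ev.get("userIdentity", {}).get("userName")
        params = ev.get("requestParameters", {})
        target = (params.get("accountId"), params.get("permissionSet"))
        if target not in effective_access(directory, assignments, user):
            findings.append((user, target[0], target[1]))
    return findings


if __name__ == "__main__":
    for user in DIRECTORY:
        print(user, sorted(effective_access(DIRECTORY, ASSIGNMENTS, user)))
    print("unexplained access:", reconcile(SAMPLE_EVENTS, DIRECTORY, ASSIGNMENTS))
    after = revoke_group(DIRECTORY, "bob", "sre")
    print("after removing bob from sre:", reconcile(SAMPLE_EVENTS, after, ASSIGNMENTS))
```

With the constructed data, alice's federation into the production account is the only unexplained record; once bob is removed from the sre group, his earlier administrator session into production also shows up, which is the kind of visibility the deck attributes to centralized auditing. A real reconciliation would read the assignments and the directory from AWS SSO and Active Directory rather than from literals.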
  • 28. Pricing and availability
    • Included with your AWS accounts at no additional charge
    • Public Preview in the US East (N. Virginia) Region
  • 29. Demonstration
  • 30. Questions?