

  • Integrate on-prem AD with Identity Center. SAML? SCIM? Permission sets?

  • alexander.friesen

    Member
    February 3, 2024 at 9:41 pm

    Hi all!

    What would be the correct solution here?

    Question:

To provide users from an existing on-prem “Active Directory” (AD) access to the AWS console via “AWS Identity Center”, how would “Active Directory” be integrated?
How do SAML and SCIM play together here?

    Would the authorization be provided via Identity Center’s “permission sets” ?

– Option A: via SAML 2.0

– Option B: via an “External Identity Provider”

and permissions would be regulated via

– Option 1: via “permission sets” with attached policies

– Option 2: via ABAC?

    Options to integrate identity providers in “Identity Center”:

– Identity Center Directory

  – It’s built in to the access portal. “You will manage all users and groups in IAM Identity Center. Users sign in through the AWS access portal.”

– Active Directory

  – “You will manage all users and groups in AWS Managed Microsoft AD, or you can connect IAM Identity Center to Active Directory by using AWS Managed Microsoft AD or AD Connector. Users sign in through the AWS access portal.”

– External Identity Provider

  – “You will manage all users and groups in an external identity provider (IdP). Users sign in to your IdP sign-in page, and are redirected to the AWS access portal. After they sign in to the AWS access portal, they can access their assigned AWS accounts and cloud applications.”

Information on SCIM and SAML:

    SAML (Security Assertion Markup Language) is an authentication protocol. It enables single sign-on (SSO), allowing users to log in to multiple applications with one set of credentials. SAML works by exchanging secure tokens between systems, verifying the user’s identity without needing to re-enter their password each time.

    SCIM (System for Cross-domain Identity Management), on the other hand, is a user provisioning protocol. It focuses on managing user accounts across different systems. SCIM allows you to automate tasks like creating, updating, and deleting user accounts, as well as assigning them to groups and roles.
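The post above asks how SAML, permission sets and ABAC fit together. The following is an added example, not code from the original post or from AWS: it parses a constructed SAML assertion of the kind an external IdP (the “External Identity Provider” option) sends to Identity Center, pulls out the `https://aws.amazon.com/SAML/Attributes/AccessControl:<Key>` attributes that Identity Center turns into session tags, and then evaluates two constructed permission-set policies against those tags with a deliberately small model of IAM evaluation: one plain RBAC policy that only lists actions, and one ABAC policy whose `StringEquals` condition compares `ec2:ResourceTag/Department` with the principal’s `${aws:PrincipalTag/Department}`. The assertion, the policies, the user `jdoe@example.com` and the resource tags are all constructed here; the evaluator supports only the `Action`, `Effect` and `StringEquals` pieces it needs, and is not the real IAM engine. (When AD is the identity source instead, the attribute arrives through Identity Center’s attribute mapping rather than a SAML assertion, but the resulting session tag and the policy evaluation are the same.)

```python
"""Added example: SAML attribute -> Identity Center session tag -> permission-set
policy (RBAC vs ABAC). All inputs are constructed; the evaluator is a toy model."""
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute name prefix Identity Center recognises for "attributes for access control".
ACCESS_CONTROL = "https://aws.amazon.com/SAML/Attributes/AccessControl:"

# Constructed assertion fragment: NameID authenticates the user (SAML's job);
# the AccessControl attribute becomes the session tag Department=finance.
SAML_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/AccessControl:Department">
      <saml:AttributeValue>finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# RBAC: a permission set whose inline policy simply names the allowed actions.
RBAC_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]}

# ABAC: the action is allowed only where the resource's Department tag equals
# the principal's Department session tag (policy variable substitution).
ABAC_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "*",
     "Condition": {"StringEquals": {
         "ec2:ResourceTag/Department": "${aws:PrincipalTag/Department}"}}}]}


def principal_tags_from_saml(xml_text):
    """Return (name_id, {tag_key: value}) from the AccessControl attributes."""
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS).text
    tags = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        if name.startswith(ACCESS_CONTROL):
            tags[name[len(ACCESS_CONTROL):]] = attr.find("saml:AttributeValue", NS).text
    return name_id, tags


def _action_matches(pattern, action):
    # IAM action patterns support '*' as a wildcard.
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), action) is not None


def _resolve(value, principal_tags):
    """Substitute ${aws:PrincipalTag/Key} policy variables with session tags."""
    return re.sub(r"\$\{aws:PrincipalTag/([^}]+)\}",
                  lambda m: principal_tags.get(m.group(1), ""), value)


def _condition_holds(cond, principal_tags, resource_tags):
    for key, expected in cond.get("StringEquals", {}).items():
        if key.startswith("aws:PrincipalTag/"):
            actual = principal_tags.get(key.split("/", 1)[1])
        elif key.startswith("ec2:ResourceTag/"):
            actual = resource_tags.get(key.split("/", 1)[1])
        else:
            return False  # key not modelled by this toy evaluator: treat as unmatched
        # As in IAM, StringEquals on a missing key is false (an untagged resource fails).
        if actual is None or actual != _resolve(expected, principal_tags):
            return False
    return True


def is_allowed(policy, action, principal_tags, resource_tags):
    """Deny by default; an explicit Deny wins; Allow needs a matching statement."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(_action_matches(a, action) for a in actions):
            continue
        if not _condition_holds(stmt.get("Condition", {}), principal_tags, resource_tags):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def demo():
    """Run the constructed user against both policies and three resources."""
    name_id, tags = principal_tags_from_saml(SAML_ASSERTION)
    finance_box, hr_box, untagged = {"Department": "finance"}, {"Department": "hr"}, {}
    return {
        "user": name_id,
        "tags": tags,
        "rbac_describe": is_allowed(RBAC_POLICY, "ec2:DescribeInstances", tags, finance_box),
        "rbac_stop": is_allowed(RBAC_POLICY, "ec2:StopInstances", tags, finance_box),
        "abac_stop_own_dept": is_allowed(ABAC_POLICY, "ec2:StopInstances", tags, finance_box),
        "abac_stop_other_dept": is_allowed(ABAC_POLICY, "ec2:StopInstances", tags, hr_box),
        "abac_stop_untagged": is_allowed(ABAC_POLICY, "ec2:StopInstances", tags, untagged),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the example makes: SAML only carries who the user is (and optionally attributes); the permission set and its policy decide what they may do; ABAC is not a separate mechanism but a condition inside that policy, so an instance with no `Department` tag is denied to everyone under the ABAC statement. SCIM is absent here on purpose: it runs before sign-in, creating the user and group objects in Identity Center that the account assignment is then made against.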

  • Neil-TutorialsDojo

    Member
    February 5, 2024 at 12:20 pm

    Hi alexander.friesen,

    Could you please share the full question here for us to help you better? Thank you

    Regards,
    Neil @ Tutorials Dojo
