AWS Single Sign-On | General Flashcards
What is AWS Single Sign-On (AWS SSO)?
General
AWS Single Sign-On | Security, Identity & Compliance
AWS SSO is an AWS service that enables you to use your existing credentials from your Microsoft Active Directory to access your cloud-based applications, such as AWS accounts and business applications (Office 365, Salesforce, Box), by using single sign-on (SSO).
What are the benefits of AWS SSO?
You can use AWS SSO to quickly and easily assign and manage your employees’ access to multiple AWS accounts, SAML-enabled cloud applications (such as Salesforce, Office 365, and Box), and custom-built in-house applications, all from a central place. Employees can be more productive by signing in with their existing corporate Active Directory user names and passwords to access their applications from their personalized user portal. Now, employees won’t need to remember multiple sets of credentials and access URLs to cloud applications, and new employees can be productive starting on day one. After you’ve added users to the appropriate Active Directory group, they will automatically gain access to accounts and applications that are enabled for members of that group. You’ll get better visibility into cloud application use because you can monitor and audit sign-in activity centrally from AWS CloudTrail.
What problems does AWS SSO solve?
AWS SSO eliminates the administrative complexity of custom SSO solutions you use to provision and manage identities across AWS accounts and business applications. As you use multiple AWS accounts and add accounts regularly, setting up SSO with Active Directory Federation Services (AD FS) to access these accounts requires learning the custom AD FS claims programming language. You also need to prepare the AWS accounts with necessary permissions to access these accounts. AWS SSO is available at no additional cost, and it reduces the complexity of repetitive setup and disparate management by tightly integrating with AWS. If you use separate passwords to access different AWS accounts or cloud applications, AWS SSO simplifies the user experience and improves security by eliminating individual passwords needed for each AWS account or cloud business application. AWS SSO also solves the problem of limited visibility of the access to your cloud applications by integrating with AWS CloudTrail and providing a central place for you to audit SSO access to AWS accounts and SAML-enabled cloud applications, such as Office 365, Salesforce, and Box.
Why should I use AWS SSO?
You should use AWS SSO to help your employees become productive quickly by granting them access to AWS accounts and business cloud applications, without writing custom scripts or investing in general-purpose SSO solutions. You should also use AWS SSO to reduce the administrative complexity and cost of setting up and managing SSO access.
AWS SSO is the place where your employees can access your AWS accounts and the applications they need in the course of their work from the AWS SSO user portal, regardless of where these applications were built or are hosted.
What can I do with AWS SSO?
You can use AWS SSO to quickly and easily assign your employees access to AWS accounts managed with AWS Organizations, business cloud applications (such as Salesforce, Office 365, and Box), and custom applications that support Security Assertion Markup Language (SAML) 2.0. Employees can sign in with their existing corporate user names and passwords to access their business applications from a single user portal. AWS SSO also allows you to audit users’ access to cloud services by using AWS CloudTrail.
Who should use AWS SSO?
AWS SSO is for administrators who manage multiple AWS accounts and business applications, want to centralize user access management to these cloud services, and want to provide employees a single location to access these accounts and applications without them having to remember yet another password.
How do I start using AWS SSO?
As a new AWS SSO customer, you:
1. Sign in to the AWS Management Console of the master account in your AWS account and navigate to the AWS SSO console.
2. Select the directory you use for storing the identities of your users and groups from the AWS SSO console by clicking through a list of Active Directory and Active Directory Connector instances that AWS SSO discovers in your account automatically. If you have not set up a directory yet, see Getting Started.
3. Grant users SSO access to AWS accounts in your organization by selecting the AWS accounts from a list populated by AWS SSO, and then selecting users or groups from your directory and the permissions you want to grant them.
4. Give users access to business cloud applications by:
   a. Selecting one of the applications from the list of preintegrated applications supported in AWS SSO.
   b. Configuring the application by following the configuration instructions.
   c. Selecting the users or groups that should be able to access this application.
5. Give your employees the AWS SSO sign-in web address that was generated when you connected the directory so that they can sign in to AWS SSO with their Active Directory user name and password, and access accounts and business applications.
How much does AWS SSO cost?
AWS SSO is offered at no extra charge.