AWS Identity Center + Multi account access connector


Hey Support,

We are going to be integrating Identity Center with the Multi account access connector for different environments like Dev, Prod, and Management account.

What I want to understand is: we currently already have this setup, but we do not have SSO enabled. We want to start using Identity Center for SSO. Before we transition into using it, there are some questions I want to ask.

  1. Are there any potential issues if we integrate Identity Center? We will also be using SCIM as well. Like, how will it affect the current users, permissions, roles, and policies when transferring over? Will anything break from our current setup? Would the transition be smooth? Do we have to recreate groups/roles/permissions or will they be populated over? Do we have to reassign licenses?

Our current setup is by accessing a link/URL in which we type in the account ID and username to log in. We want to set up AWS Identity Center with the Multi Account access connector on Okta. We have 3 environments, which are Dev, Prod, and Management.

Thanks a lot and appreciate it!

Aaron

posted a year ago, 322 views
1 Answer

If you're using multiple accounts and want to leverage IAM Identity Center, then I would recommend at the very least enrolling all of those environments within the same AWS Organization so that you can leverage the same IAM IC for all of your identity and access needs.

From the IAM IC documentation:

IAM Identity Center provides support for the System for Cross-domain Identity Management (SCIM) v2.0 standard. SCIM keeps your IAM Identity Center identities in sync with identities from your IdP. This includes any provisioning, updates, and deprovisioning of users between your IdP and IAM Identity Center.

In terms of your existing users/permissions/roles -- your existing permission sets/roles/permissions will remain intact, but you will be provisioning users from your IdP and mapping them to permissions once authenticated. If you're using IAM Users exclusively right now, you can roll out IAM IC and establish your user/permission set mappings without affecting that access. That being said, once you have your SSO tuned the way you want it, I would recommend using that method exclusively for managing access to your environment.

AWS
answered a year ago
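One way to verify the point made in the answer above (permission sets stay intact, but the principals they are assigned to now come from the IdP via SCIM) is to reconcile an account-assignment snapshot against the identity store after the cutover. The script below is an added example, not part of the original post or of any AWS tooling; the assignment list, identity store contents, account IDs and permission-set ARNs are constructed sample data, and in practice they would be taken from `aws sso-admin list-account-assignments` and `aws identitystore list-users` / `list-group-memberships`.

```python
# Added example (not from the original post): reconcile IAM Identity Center
# account assignments for Dev, Prod and Management against the SCIM-synced
# identity store, so that orphaned assignments (principal no longer exists,
# e.g. a manually created user replaced by an IdP-provisioned one with a new
# ID) and users who end up with no access anywhere are visible after cutover.
from collections import defaultdict

# Constructed sample data; IDs and ARNs below are placeholders.
ACCOUNTS = {"111111111111": "Dev", "222222222222": "Prod", "333333333333": "Management"}
PS_ADMIN = "arn:aws:sso:::permissionSet/ssoins-PLACEHOLDER/ps-admin"
PS_READONLY = "arn:aws:sso:::permissionSet/ssoins-PLACEHOLDER/ps-readonly"
ASSIGNMENTS = [
    {"AccountId": "111111111111", "PermissionSetArn": PS_ADMIN, "PrincipalType": "GROUP", "PrincipalId": "g-platform"},
    {"AccountId": "222222222222", "PermissionSetArn": PS_READONLY, "PrincipalType": "USER", "PrincipalId": "u-aaron"},
    # Left over from the pre-SCIM setup: this user no longer exists in the store.
    {"AccountId": "333333333333", "PermissionSetArn": PS_ADMIN, "PrincipalType": "USER", "PrincipalId": "u-legacy"},
]
IDENTITY_STORE = {"USER": {"u-aaron", "u-bob"}, "GROUP": {"g-platform"}}
GROUP_MEMBERS = {"g-platform": {"u-aaron"}}


def orphaned_assignments(assignments, identity_store):
    """Assignments whose principal is absent from the identity store."""
    return [a for a in assignments
            if a["PrincipalId"] not in identity_store.get(a["PrincipalType"], set())]


def effective_access(assignments, identity_store, group_members):
    """Map each existing user to the (account, permission set) pairs they hold,
    through direct assignments and through group membership."""
    access = defaultdict(set)
    for a in assignments:
        if a["PrincipalType"] == "USER":
            users = {a["PrincipalId"]}
        else:
            users = group_members.get(a["PrincipalId"], set())
        for user in users:
            if user in identity_store["USER"]:
                access[user].add((a["AccountId"], a["PermissionSetArn"]))
    return dict(access)


def users_without_access(identity_store, access):
    """Provisioned users who hold no permission set in any account."""
    return sorted(identity_store["USER"] - set(access))


if __name__ == "__main__":
    for a in orphaned_assignments(ASSIGNMENTS, IDENTITY_STORE):
        print(f"ORPHAN  {ACCOUNTS[a['AccountId']]:<11} {a['PrincipalType']} {a['PrincipalId']}")
    access = effective_access(ASSIGNMENTS, IDENTITY_STORE, GROUP_MEMBERS)
    for user in users_without_access(IDENTITY_STORE, access):
        print(f"NO-ACCESS {user}")
```

Orphaned assignments are candidates for removal (the permission set is still attached to a principal ID nobody can authenticate as), and users with no access are the ones whose IdP group mappings still need to be created.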
