Using AWS Managed AD as an OAuth/SSO provider for non-AWS apps?

1

Is it possible to use AWS Managed AD as an OAuth/SSO provider for external applications? I've read all about using it to enable SSO to the AWS console and specific apps with AWS but I'd like to use it for authenticating in a non-AWS web app.

In this case, it would be for applications actually running within EC2 instances within the network, nothing leaving AWS.

Our AWS Managed AD is our only AD, nothing hybrid or on-prem.

And yes, I see you, AWS Cognito -- trying to use what I already have rather than add another service.

Asked 9 months ago, 352 views
1 answer
0
Accepted answer

Unfortunately, I am worried to convey that no, it is not possible to use AWS Managed AD as an OAuth/SSO provider for external applications. AWS Managed AD only supports NTLM and Kerberos authentication; if there is a requirement to integrate an OAuth/SSO solution, you must use AWS SSO (Identity Center) or deploy an ADFS server.

Moreover, AWS Managed AD doesn't have a public IP address, so it cannot provide internet-facing authentication.

Lastly, I have shared below a blog link that clearly explains how Kerberos works.

[+] Everything you wanted to know about trusts with AWS Managed Microsoft AD https://aws.amazon.com/blogs/security/everything-you-wanted-to-know-about-trusts-with-aws-managed-microsoft-ad/

I hope the above information is helpful.

AWS
Support Engineer
Ankur_V
Answered 9 months ago
  • I guessed this was the case. The public IP address isn't an issue, as all of the accessing resources are within the account (and AWS networks). I'll have to look into Azure AD and federation, I suppose.
