
Customize the login process via SSO for AppStream 2.0 (color, logo, logon-url, etc.)

0

Hello and good day,

Excuse my poor English. I have a fully configured, functional environment, but we would like a personalized login process. I have:

  • AWS Active Directory
  • AppStream 2.0 (domain joined fleet)
  • IAM Identity Center syncing users with AWS AD
  • Logon via the IAM Identity Center portal URL. The URL looks like this: https://myapps.awsapps.com/start

The login process:

  • The user enters the URL in the browser and enters their credentials (UPN from AWS AD)
  • The user must then select the stack
  • In the next step, the user must select the application, even if there is only one.
  • If certificate-based authentication is configured, the user can then use the app without having to enter their credentials again.

Questions / what I would like:

  1. A custom url like https://myapp.mydomain.com
  2. A login page with our colors, logos (corporate identity)
  3. After logging in, the user should be forwarded directly to the application or desktop. The page with the app would also be fine, but I would like to bypass the page with the stack selection.

I hope I have described everything clearly.

Thanks and best regards.

2 Answers
9

1. Custom URL Setup

First, you want to set up a custom domain for your AppStream 2.0 login:

Custom Domain and SSL Certificate:

Obtain a custom domain (e.g., https://myapp.mydomain.com) and configure it to point to the AppStream 2.0 default URL (https://myapps.awsapps.com/start).

Ensure you have an SSL certificate for your custom domain. You can use AWS Certificate Manager (ACM) to provision and manage SSL/TLS certificates.

2. Customize Login Page

To customize the login page with your colors, logos, and corporate identity:

Using AWS SSO Customization:

AWS SSO provides the ability to customize the login page to some extent. You can upload your organization's logo and customize the primary color. Go to the AWS SSO console, select your instance, and navigate to the "Settings" tab where you can upload your logo and set the primary color.

3. Configure Login Flow

To streamline the login flow and bypass stack selection:

Configure AppStream 2.0 Application Catalog:

In the AppStream 2.0 console, go to "Fleets" and select your fleet.

Navigate to the "Image Builder" section and configure your application(s) in the AppStream 2.0 image.

Ensure that you have a single stack configured (if you want to bypass stack selection) or manage stacks to control user access.

4. Single Sign-On (SSO) Configuration

Ensure that your SSO setup is correctly integrated:

AWS Active Directory Integration:

AppStream 2.0 integrates with AWS Directory Service for Microsoft AD. Ensure your users are synced and managed through AWS AD.

Use AWS IAM Identity Portal URL (https://myapps.awsapps.com/start) for SSO login.

Configure IAM policies to manage access to AppStream 2.0 resources based on user roles and permissions.

5. URL Redirection

To redirect users directly to applications or desktops after login:

Use AppStream 2.0 URLs:

Construct URLs that point directly to the application or desktop session.

For example:

  • Directly to an application: https://myapp.mydomain.com/app/myapp
  • Directly to a desktop: https://myapp.mydomain.com/desktop/mydesktop

You can customize these URLs based on your application stack configurations in AppStream 2.0.

EXPERT, answered a year ago
EXPERT, reviewed a year ago
  • I still have a few things to ask... (Moved to comment)

    1. Custom URL Setup: You mean I simply configure a DNS entry (CNAME) that points to the AWS login portal?

    2. Customize Login Page: This option is not available in IAM Identity Center. It existed when IAM Identity Center was still AWS SSO. Is there another option?

    3. Configure Login Flow: "Ensure that you have a single stack configured (if you want to bypass stack selection) or manage stacks to control user access."

    The AWS Access Portal is also displayed with only one stack. An account or an application can/must be selected in the AWS Access Portal. The AWS Access Portal is still part of IAM Identity Center, not AppStream.

    5. URL Redirection: "To redirect users directly to applications or desktops after login." What do you mean? Domain-joined fleets cannot be called via direct AppStream URLs.

    Thanks and best regards
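The part of the answer above that a practitioner actually has to get right is the SAML hand-off from the identity provider into AppStream 2.0: the relay state that decides which stack (and optionally which application) a federated user lands on, and the IAM permissions policy on the SAML role that decides which stack they may stream. The following is an added example written for this page, not code from the original post or from AWS. Region, account ID, stack and application names are placeholders. The relay-state format with `stack` and `accountId` is the one from the AppStream 2.0 SAML setup documentation; treating `app=` as an accepted extra parameter for deep-linking to one application is an assumption to verify against the current documentation for your region before relying on it. The `appstream:userId` / `saml:sub_type` conditions in the policy are the documented way to stop a federated user from streaming under another user's ID.

```python
"""Build the AppStream 2.0 SAML relay state and the matching least-privilege
IAM streaming policy for a federated (IAM Identity Center / SAML) user.

Added example, not code from the original post.  Region, account ID, stack
and application names below are placeholders.
"""
import json
import re
from typing import Optional
from urllib.parse import quote, urlencode

APPSTREAM_SAML_ENDPOINT = "https://appstream2.{region}.aws.amazon.com/saml"


def normalize_account_id(account_id: str) -> str:
    """The relay state and the stack ARN need the 12-digit account ID without hyphens."""
    digits = account_id.replace("-", "")
    if not re.fullmatch(r"\d{12}", digits):
        raise ValueError(f"not a 12-digit AWS account ID: {account_id!r}")
    return digits


def build_relay_state(region: str, account_id: str, stack: str,
                      app: Optional[str] = None) -> str:
    """Relay state that drops a federated user straight onto one stack.

    Documented format:
        https://appstream2.<region>.aws.amazon.com/saml?stack=<stack>&accountId=<id>
    The optional app= parameter is an assumption for deep-linking to a single
    application; verify it against the current AppStream 2.0 documentation.
    """
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d", region):
        raise ValueError(f"unexpected region format: {region!r}")
    params = {"stack": stack, "accountId": normalize_account_id(account_id)}
    if app:
        params["app"] = app
    # quote_via=quote encodes spaces as %20 rather than '+', which is what the
    # AppStream endpoint expects in names.
    return APPSTREAM_SAML_ENDPOINT.format(region=region) + "?" + urlencode(params, quote_via=quote)


def stream_policy(region: str, account_id: str, stack: str) -> dict:
    """IAM permissions policy for the SAML role: stream only this stack, only as yourself.

    appstream:userId must equal the SAML NameID (${saml:sub}).  Without that
    condition a federated user could open a session under another user's ID,
    which is exactly what per-user application settings and home folders rely on.
    """
    acct = normalize_account_id(account_id)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "StreamOnlyThisStackAsSelf",
                "Effect": "Allow",
                "Action": "appstream:Stream",
                "Resource": f"arn:aws:appstream:{region}:{acct}:stack/{stack}",
                "Condition": {
                    "StringEquals": {
                        "appstream:userId": "${saml:sub}",
                        "saml:sub_type": "persistent",
                    }
                },
            }
        ],
    }


if __name__ == "__main__":
    # Placeholder values; replace with your own region, account, stack and app.
    region, account, stack = "eu-central-1", "1234-5678-9012", "corp-stack"
    print("Relay state (stack only):", build_relay_state(region, account, stack))
    print("Relay state (stack + app):", build_relay_state(region, account, stack, app="SAP GUI"))
    print(json.dumps(stream_policy(region, account, stack), indent=2))
```

The relay state goes into the "Relay state" field of the AppStream 2.0 application you added in IAM Identity Center, and the policy is attached to the IAM role that the SAML assertion assumes in the AppStream account; scoping the resource to one stack means the user never gets a stack list to choose from. This is the SAML federation entry point, not a `CreateStreamingURL` link, so it is the path that also applies to a domain-joined fleet.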

0

Thank you for the detailed answer. I am still fairly new to AWS. I need some time to understand and configure it and will get back to you with the result.

answered a year ago
