Authenticate VPN with IAM Identity Center


I am trying to set up a VPN that authenticates against IAM. There is a seemingly good blog post:

https://aws.amazon.com/blogs/security/authenticate-aws-client-vpn-users-with-aws-single-sign-on/

that I am trying to use. Unfortunately, there is a key piece of information that appears to be missing from that post. I have followed all the prerequisite steps described. I am stuck in the section:

"Create and configure the Client VPN SAML applications in AWS IAM Identity Center". It states:

  1. In the AWS IAM Identity Center console, select Applications from the left pane and select Add a new application.
  2. Select Add a custom SAML 2.0 application to use as the IdP for the Client VPN software

When I select Applications from the left pane and select Add a new application, I do not have the application list populated with an "Add a custom SAML 2.0 application" entry. My list is empty. I cannot find any information on how to add the custom SAML 2.0 application into my available applications list. I have tried both with the root user, and an admin IAM user with all admin privileges.

Can someone describe to me how to add the "custom SAML 2.0 application" to my available applications list?

3 Answers
EXPERT
answered 4 months ago
  • Thanks for your suggestion. I must be missing something along the way. I read that blog, and followed instructions in:

    https://docs.aws.amazon.com/singlesignon/latest/userguide/customermanagedapps-saml2-setup.html

    In the section:

    Set up an application from the application catalog:

    It states:

    1. Open the IAM Identity Center console.
    2. Choose Applications.
    3. Choose the Customer managed tab.
    4. Choose Add application.

    For item 3., I do not have a "Customer managed tab". I only have an "AWS Managed" tab.

    Do you have any idea what I'm missing?


Hello.

Perhaps, but I think the document UI and the management console UI are slightly different.
So, as shown in the image below, select "I have an application I want to set up", select "SAML 2.0", and then click "Next". On the next screen, "Display name" and "Application Metadata" can be set.
[screenshots a, b and c not reproduced]

EXPERT
answered 4 months ago

Thanks to those who provided some suggestions. I have been able to get past my block. The issue had to do with the type of "IAM Identity Center" I created. When enabling the IAM Identity Center, the user is first presented with a question on the type to create. I believe there were two choices: An organization type, or an individual type. The individual type has a comment stating that it is useful for testing purposes. Since I am setting this up for the first time, I figured it would be easier to select the individual type. That was my mistake. Had I selected the organization type, all the documentation would have been consistent. To change this, I needed to delete my Identity Center and start over.

This would probably be a useful detail to include in the blog.

Thanks again, and Happy New Year.

answered 4 months ago
