Using AWS Managed AD as an OAuth/SSO provider for non AWS apps?

1

Is it possible to use AWS Managed AD as an OAuth/SSO provider for external applications? I've read all about using it to enable SSO to the AWS console and specific apps with AWS but I'd like to use it for authenticating in a non-AWS web app.

In this case, it would be for applications actually running within ec2 instances within the network, nothing leaving AWS.

Our AWS Managed AD is our only AD, nothing hybrid or on-prem.

And yes, I see you AWS Cognito -- trying to use what I already have rather than add another service.

asked 9 months ago · 325 views
1 Answer
0
Accepted Answer

Unfortunately, I am worried to convey that no, it is not possible to use AWS Managed AD as an OAuth/SSO provider for external applications. AWS Managed AD only supports NTLM and Kerberos authentication. If there is a requirement to integrate an OAuth/SSO solution, you must use AWS SSO (Identity Center) or deploy an ADFS server.

Moreover, AWS Managed AD doesn't have a public IP address, so it cannot provide internet-facing authentication.

Lastly, I have shared below a blog link that clearly explains how Kerberos works.

[+] Everything you wanted to know about trusts with AWS Managed Microsoft AD https://aws.amazon.com/blogs/security/everything-you-wanted-to-know-about-trusts-with-aws-managed-microsoft-ad/

I hope the above information is helpful.

AWS
SUPPORT ENGINEER
Ankur_V
answered 9 months ago
  • I guessed this was the case. The public IP address isn't an issue as all of the accessing resources are within the account (and AWS networks). I'll have to look into Azure AD and federation I suppose.
