Using AWS Managed AD as an OAuth/SSO provider for non AWS apps?

1

Is it possible to use AWS Managed AD as an OAuth/SSO provider for external applications? I've read all about using it to enable SSO to the AWS console and specific apps with AWS but I'd like to use it for authenticating in a non-AWS web app.

In this case, it would be for applications actually running within ec2 instances within the network, nothing leaving AWS.

Our AWS Managed AD is our only AD, nothing hybrid or or on-prem.

And yes, I see you AWS Cognito -- trying use what I already have rather than add another service.

profile picture
asked 10 months ago416 views
1 Answer
0
Accepted Answer

Unfortunately, I am worried to convey that No, it is not possible to use AWS Managed AD as an OAuth/SSO provider for external applications. The AWS managed AD only support NTLM and Kerberos authentication, if there is a requirement to integrate OAuth/SSO solution, you must use AWS SSO(Identity Center) or deploy ADFS server.

Moreover, AWS Managed AD doesn’t have public IP address, so it cannot provide internet facing authentication.

Lastly, I have shared below blog link that clearly explains how kerberos works.

[+] Everything you wanted to know about trusts with AWS Managed Microsoft AD https://aws.amazon.com/blogs/security/everything-you-wanted-to-know-about-trusts-with-aws-managed-microsoft-ad/

I hope the above information is helpful.

AWS
SUPPORT ENGINEER
Ankur_V
answered 10 months ago
  • I guessed this was the case. The public IP address isn't an issue as all of the accessing resources are within the account (and aws networks) . I'll have to look into azure AD and federation I suppose.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions