Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Impact of Implementing AWS Federated SSO with Google Workspace on Existing AWS IAM Users

0

I am looking to implement AWS federated SSO using Google Workspace. We currently have existing users in AWS IAM with email addresses that match those in our Google Workspace. Will the implementation of federated SSO with Google Workspace affect these existing AWS IAM users? Specifically, will they still be able to log in with their AWS IAM credentials, or will they be required to use their Google Workspace credentials after the implementation?

Topics
Security, Identity, & Compliance
Tags
AWS IAM Identity CenterAWS Identity and Access Management
Language
English
asked 2 years ago439 views
1 Answer
1
Accepted Answer

Hi Gagan,

Please go through the below steps i hope it will helps to resolve your issue.

Implementing AWS Federated SSO with Google Workspace Using AWS Federated SSO (Single Sign-On) with Google Workspace allows users to log in to AWS using their Google Workspace credentials. Here’s how this affects your existing AWS IAM users

Impact on Existing AWS IAM Users

Two Ways to Log In:

  • AWS IAM Credentials: Users who currently log in with AWS IAM credentials (username and password) can continue to use these credentials. Implementing SSO does not disable their IAM credentials.
  • Google Workspace SSO: Users can also log in using their Google Workspace credentials.

Smooth Transition:

  • Users can choose to log in either with their existing AWS IAM credentials or with their Google Workspace credentials. This makes the transition easy and flexible.

User Experience:

  • SSO Login: Users will be redirected to the Google Workspace login page to enter their Google credentials.
  • IAM Login: Users can still use their IAM credentials as they normally do.

Steps to Implement AWS Federated SSO with Google Workspace

Set Up Google Workspace as a SAML IdP:

  • Configure Google Workspace to act as a SAML Identity Provider (IdP) for AWS.
  • Follow the setup guide: Google Workspace SAML SSO Setup.

https://support.google.com/a/answer/12032922?hl=en

Create an AWS IAM Identity Provider:

In AWS, create a new SAML identity provider and upload the SAML metadata XML file from Google Workspace. Refer to the AWS guide: AWS SAML Identity Providers.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html

Configure AWS SAML Roles:

  • Define IAM roles in AWS that users from Google Workspace can assume.
  • Map attributes from Google Workspace to AWS roles to control access.

Detailed steps: AWS SAML Role Configuration.

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html

Keeping IAM Credentials Active

To ensure users can still log in with their AWS IAM credentials:

  • Keep IAM Credentials Active: Make sure IAM credentials are not disabled.
  • Inform Users: Let users know about the new SSO option and how to use their Google Workspace credentials.
EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content