Setting up 1 transfer server that'll handle authentication using AzureAD, SSH keys, and Password authentication

Question

I am currently looking at the best architecture for my company's SFTP process using AWS Transfer Family. Currently using third party SFTP software, we allow our external clients to sign in to our SFTP servers by way of:

1. password authentication
or
2. SSH keys

As my company migrates off our 3rd party software to AWS, we are hoping to keep the same authentication options for our clients (i have already looked into articles related to [this](https://aws.amazon.com/blogs/storage/enable-password-authentication-for-aws-transfer-family-using-aws-secrets-manager-updated/)).

However, for our internal business users, we are wanting to integrate AzureAD for authenticating our business users to our Transfer server.

My question is: Is it possible to set up 1 Transfer server that handles password & SSH authentication for external clients AND also AzureAD authentication for internal users? OR do I need to set up 2 separate Transfer servers: 1 for authenticating using password/SSH, 1 for authenticating using AzureAD?

Thank you!

Accepted Answer

If you are looking to have password/key based authentication along with AD authentication then it is supported via creating two separate servers one with password (AND/OR) key based authentication (https://docs.aws.amazon.com/transfer/latest/userguide/custom-identity-provider-users.html) and another one with AD (https://docs.aws.amazon.com/transfer/latest/userguide/directory-services-users.html)

Setting up 1 transfer server that'll handle authentication using AzureAD, SSH keys, and Password authentication

相關內容