How can I use Azure AD SSO to add users to my AWS Account?

Overview of group permissions

We create three groups in Azure AD for every account in AWS. You can add users to these groups to give them permissions to your account. These group names are based on a naming standard and your account name. We give the account owners permissions to update these groups. You can also use IAM policies to apply more granular permissions for resources and users.

  • AWS_UIC_<your account name>_read - Has permissions to view objects in your account.
  • AWS_UIC_<your account name>_power - Has permissions to view and modify resources in your account.
  • AWS_UIC_<your account name>_admin - Has full control over your account, and can also view account billing information.
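Because every account's access is expressed through these three group names, an access review can be done by parsing the names rather than by clicking through each group. The script below is an added example, not UIC's own tooling: it takes a list of Azure AD group names a user belongs to (a constructed sample, not real UIC groups), derives the highest level of access per AWS account, and flags names that look AWS-related but do not follow the naming standard. The regular expression is an assumption about how the convention in the list above maps onto actual group names.

```python
import re

# Naming standard from the list above: AWS_UIC_<account name>_<role>, where
# <role> is read, power or admin. The regex is an assumption about how that
# standard is applied; the greedy account match means "data_warehouse_read"
# parses as account "data_warehouse" with role "read".
GROUP_RE = re.compile(r"^AWS_UIC_(?P<account>.+)_(?P<role>read|power|admin)$")

# Rank roles so the most privileged membership per account can be reported.
ROLE_RANK = {"read": 1, "power": 2, "admin": 3}


def parse_group(name):
    """Return (account, role) for a conforming group name, else None."""
    m = GROUP_RE.match(name)
    if not m:
        return None
    return m.group("account"), m.group("role")


def effective_access(group_names):
    """Map each AWS account to the highest role granted by the given groups.

    Non-conforming names are returned separately so a reviewer can check
    groups that start with AWS_UIC_ but carry no recognised role suffix.
    """
    access = {}
    unrecognised = []
    for name in group_names:
        parsed = parse_group(name)
        if parsed is None:
            unrecognised.append(name)
            continue
        account, role = parsed
        # Keep only the highest-ranked role seen for this account.
        if ROLE_RANK[role] > ROLE_RANK.get(access.get(account), 0):
            access[account] = role
    return access, unrecognised


def admin_accounts(group_names):
    """Accounts on which these memberships grant admin (billing-visible) access."""
    access, _ = effective_access(group_names)
    return sorted(acct for acct, role in access.items() if role == "admin")


# Constructed sample of one user's group memberships (hypothetical account names).
SAMPLE_MEMBERSHIPS = [
    "AWS_UIC_research-lab_read",
    "AWS_UIC_research-lab_power",
    "AWS_UIC_web-prod_admin",
    "AWS_UIC_data_warehouse_read",
    "AWS_UIC_legacy",    # no role suffix: does not follow the standard
    "Staff-All",         # unrelated Azure AD group
]

if __name__ == "__main__":
    access, unknown = effective_access(SAMPLE_MEMBERSHIPS)
    for account, role in sorted(access.items()):
        print(f"{account}: {role}")
    print("admin on:", admin_accounts(SAMPLE_MEMBERSHIPS))
    print("non-conforming:", unknown)
```

Feeding the script the output of an Azure AD membership export for each account owner gives a quick per-account picture of who holds power and admin access, which is the membership that most needs periodic review.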

Managing your groups

You can use the Azure AD group tool to manage groups in Azure AD. You can access the tool here: https://myaccount.microsoft.com/groups/groups-i-belong-to

After you log into the group tool, click on the arrow to the left of "My Apps" and open the "My Groups" Menu item.

Adding users to groups

Search for one of the groups that controls access to your account. It will be of the form AWS_UIC_<your account name>_read, _power, or _admin.

Next, click on the plus sign to add members.

Then search for the group member you want to add and click the "Add" button. You can search by name or NetID.

User Account Synchronization

After you've added users to your account's groups, please wait up to 1 hour for those memberships to synchronize with AWS.

User Account Sign In

Users can sign in via SSO at the following URL: https://d-9a672cc795.awsapps.com/start
