How can I use Azure AD SSO to add users to my AWS Account?

Tags: cloud, AWS, SSO

Overview of group permissions

We create three groups in Azure AD for every account in AWS. You can add users to these groups to give them permissions to your account. These group names are based on a naming standard and your account name. We give the account owners permissions to update these groups. You can also use IAM policies to apply more granular permissions for resources and users.

  • AWS_UIC_<your account name>_read - Has permissions to view objects in your account.
  • AWS_UIC_<your account name>_power - Has permissions to view and modify resources in your account.
  • AWS_UIC_<your account name>_admin - Has full control over your account, and can also view account billing information.

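The three groups above follow one naming standard, which makes periodic access reviews easy to automate. The script below is an added example and is not part of this article or of any UIC tooling. It assumes a membership export in the form of (group name, NetID) pairs (constructed sample data below), parses each group name against the AWS_UIC_<account>_<tier> standard, computes each user's effective tier per account, and flags admin-tier members, users who sit in more than one tier of the same account, and groups that do not follow the standard.

```python
import re
from collections import defaultdict

# Naming standard from the article: AWS_UIC_<account name>_<tier>
# `.+` is greedy, so an account name containing underscores still parses:
# the regex backtracks to the final `_read`, `_power` or `_admin`.
GROUP_RE = re.compile(r"^AWS_UIC_(?P<account>.+)_(?P<tier>read|power|admin)$")

# Higher rank = broader permissions, matching the article's tier descriptions.
TIER_RANK = {"read": 1, "power": 2, "admin": 3}

# Constructed sample export (hypothetical account names and NetIDs).
SAMPLE_MEMBERSHIPS = [
    ("AWS_UIC_research-lab_read", "jdoe"),
    ("AWS_UIC_research-lab_power", "asmith"),
    ("AWS_UIC_research-lab_admin", "asmith"),   # same user in two tiers
    ("AWS_UIC_research-lab_admin", "owner1"),
    ("AWS_UIC_web-portal_read", "jdoe"),
    ("AWS_UIC_web-portal_owner", "bogus"),      # not a valid tier name
]


def parse_group(name):
    """Return (account, tier) for a standard-conforming group name, else None."""
    m = GROUP_RE.match(name)
    if m is None:
        return None
    return m.group("account"), m.group("tier")


def effective_tier(tiers):
    """The broadest tier a user holds in one account."""
    return max(tiers, key=TIER_RANK.__getitem__)


def review(memberships):
    """Summarize who can do what per account and flag review-worthy findings."""
    held = defaultdict(lambda: defaultdict(set))   # account -> user -> {tiers}
    unrecognized = []
    for group, user in memberships:
        parsed = parse_group(group)
        if parsed is None:
            unrecognized.append(group)
            continue
        account, tier = parsed
        held[account][user].add(tier)

    effective = {}
    admins = {}
    multi_tier = []
    for account, users in sorted(held.items()):
        effective[account] = {u: effective_tier(t) for u, t in users.items()}
        admins[account] = sorted(u for u, t in users.items() if "admin" in t)
        for user, tiers in sorted(users.items()):
            if len(tiers) > 1:
                # Membership in a lower tier is redundant once admin/power is held;
                # worth cleaning up so the group lists reflect real access.
                multi_tier.append((account, user, sorted(tiers)))

    return {
        "effective": effective,
        "admins": admins,
        "multi_tier": multi_tier,
        "unrecognized": unrecognized,
    }


if __name__ == "__main__":
    report = review(SAMPLE_MEMBERSHIPS)
    for account, users in report["effective"].items():
        print(f"{account}: " + ", ".join(f"{u}={t}" for u, t in sorted(users.items())))
    print("admins:", report["admins"])
    print("multiple tiers:", report["multi_tier"])
    print("non-standard groups:", report["unrecognized"])
```

Run it against a real export by replacing SAMPLE_MEMBERSHIPS with the pairs you pull from the group tool; the admin list is the one to confirm with the account owner each review cycle, since that tier also exposes billing information.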
Managing your groups

You can use the Azure AD group tool to manage groups in Azure AD. You can access the tool here: https://account.activedirectory.windowsazure.com/r#/groups

After you log into the group tool, click on the arrow to the left of "My Apps" and open the "My Groups" menu item.

Adding users to groups

Search for one of the groups that controls access to your account. Its name will begin with "AWS_UIC_<your account name>".

Next, click on the plus sign to add members.

Then search for the member you want to add and click the "Add" button. You can search by name or NetID.

User Account Synchronization

After you've added users to your account's groups, please wait up to 1 hour for those memberships to synchronize with AWS.

User Account Sign In

Users can sign in via SSO at the following URL: https://d-9a672cc795.awsapps.com/start

Details

Article ID: 2403
Created
Tue 3/29/22 3:34 PM
Modified
Tue 5/17/22 1:41 PM