Step 1: Log in to the AWS console and find IAM SSO (IAM Identity Center). In the dashboard, enable IAM Identity Center.
Step 2: Change your AWS access portal URL. To set a custom URL, go to Settings > Summary and enter a subdomain name.
Step 3: Go to Settings. Under Identity source, click Change identity source, select External identity provider, click Next, and download the metadata file.
Step 4: Open the Azure AD portal.
Step 5: Go to Enterprise applications, select New application, find the AWS IAM Identity Center application and click Create. You can enter an application name before creating it if you want.
Step 6: Open the application, click Users & groups in the left panel, then click Add users, select your organization's users and click Assign.
Step 7: Open the application, click Single sign-on in the left panel and select SAML. Click Upload metadata file, choose the file downloaded from AWS, and click Save. Then download the Federation Metadata XML file.
Step 8: Return to the AWS IAM Identity Center tab that is still open. Under Identity provider metadata, upload the file downloaded from Azure AD and click Next.
Step 9: Next, go to Settings and enable Automatic provisioning. A pop-up window will open showing the SCIM endpoint URL and an access token; copy both.
Step 10: Go to the Azure AD portal and open your application. In the left pane, select Provisioning, click Get started, choose Automatic as the provisioning mode, and paste the URL and access token into Tenant URL and Secret Token. Then click Test Connection; if everything is set up correctly you will see a success notification. After that, click Save.
Step 11: In the Provisioning tab, click Start provisioning; after some time you will see the status of your provisioning. The provisioning cycle is fixed at 40 minutes. If you don't want to wait for a newly assigned user, click Provision on demand, select the user and click Provision.
Step 12: After provisioning, the added user will be shown.
Step 13: Go to the AWS IAM Identity Center dashboard and select Permission sets. Click Create, choose either a predefined permission set or a custom permission set, and click Create.
Step 14: Go to AWS accounts, click Assign users, select the users and permission sets, and then click Submit.
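Before uploading the Federation Metadata XML in Step 8, it is worth confirming that the file actually carries what IAM Identity Center needs from Azure AD: the issuer (entityID), HTTPS sign-on endpoints and a signing certificate, since a wrong or incomplete file only surfaces later as failed logins. The Python script below is an added example, not part of the original guide or of either vendor's tooling; the embedded metadata is a constructed sample with a placeholder tenant id and a stub certificate blob.

```python
import base64
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WEB_BINDINGS = ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
                "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")

def check_idp_metadata(xml_text):
    """Return the issuer, SSO endpoints and signing-cert count, plus findings."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:  # e.g. an SP metadata file picked by mistake
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    entity_id, findings, sso, certs = root.get("entityID", ""), [], {}, 0
    if not entity_id:
        findings.append("missing entityID (Azure AD issuer)")
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding, loc = svc.get("Binding", ""), svc.get("Location", "")
        if binding in WEB_BINDINGS:
            sso[binding.rsplit(":", 1)[1]] = loc
            if not loc.startswith("https://"):
                findings.append(f"non-HTTPS SSO endpoint: {loc}")
    if not sso:
        findings.append("no HTTP-Redirect/HTTP-POST SingleSignOnService")
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only keys are not used to verify assertions
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        try:
            der = base64.b64decode((node.text or "").strip(), validate=True)
        except (ValueError, AttributeError):
            findings.append("signing certificate missing or not valid base64")
            continue
        if not der or der[0] != 0x30:  # a DER certificate starts with SEQUENCE
            findings.append("signing certificate is not DER-encoded")
        certs += 1
    if certs == 0:
        findings.append("no signing certificate: AWS cannot verify assertions")
    return {"entity_id": entity_id, "sso": sso, "certs": certs, "findings": findings}

# Constructed sample: placeholder tenant id and a stub DER blob, not a real export.
_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor></EntityDescriptor>"""
```

Run `check_idp_metadata(open("FederationMetadata.xml").read())` on the real download and treat any non-empty `findings` list as a reason to re-export from Azure AD before continuing with Step 8.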