AWS SSO

AWS IAM Identity Center, formerly known as AWS Single Sign-On (AWS SSO), is a cloud service that allows you to grant your users access to AWS resources, such as Amazon EC2 instances, across multiple AWS accounts. By default, AWS SSO now provides a directory that you can use to create users, organize them in groups, and set permissions across those groups.

Creating an AWS SSO connection

An external identity provider with automatic provisioning must be configured to create an AWS SSO connection.

To create the connection you need:

  • An access token
  • The SCIM URL

Obtaining the credentials

First, configure an external identity provider.

Follow the AWS SSO docs to connect to your desired provider.

For G-Suite, follow the linked article.

Next, enable automatic provisioning to obtain the access token.

If it is not enabled, go to Settings > Enable automatic provisioning. A dialog window appears with the start URL and the access token. Save these values.

Otherwise, regenerate the access token by following the AWS documentation.

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens, displaying icons of the available external service providers.
  2. Select the AWS SSO icon. A dialog box with the name of the connection and the connection methods appears.
  3. (Optional) Edit the name of the connection. You cannot edit the name at a later stage.
  4. Select Access Token as the method to make the connection.
  5. Fill in the parameters:
    • The URL, including the /scim/v2/ suffix
    • The access token
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.
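
Before pasting the two parameters from step 5 into the dialog, they can be checked locally. The following is an added example, not Blink or AWS code: it validates the URL (HTTPS, /scim/v2/ suffix, no embedded credentials) and the token, then builds, without sending, a read-only request to ServiceProviderConfig, an endpoint defined by the SCIM 2.0 standard. The function names and the sample URL and token are constructed placeholders.

```python
import urllib.request
from urllib.parse import urlsplit

SCIM_SUFFIX = "/scim/v2/"
# Constructed placeholders, not real values.
SAMPLE_URL = "https://scim.us-east-1.amazonaws.com/EXAMPLE-TENANT-ID/scim/v2/"
SAMPLE_TOKEN = "EXAMPLE-TOKEN-NOT-REAL"

def check_scim_params(url, token):
    """Return a list of problems; an empty list means the pair looks usable."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("URL must use https so the bearer token is not sent in clear text")
    if not parts.hostname:
        problems.append("URL has no host")
    if parts.username or parts.password:
        problems.append("URL must not embed credentials")
    if parts.query or parts.fragment:
        problems.append("URL must not carry a query string or fragment")
    if not parts.path.endswith(SCIM_SUFFIX):
        problems.append("URL must include the /scim/v2/ suffix, with the trailing slash")
    if not token or any(c.isspace() for c in token):
        problems.append("access token is empty or contains whitespace (copy/paste damage)")
    return problems

def build_probe(url, token):
    """Build (do not send) a read-only SCIM request for checking the pair."""
    problems = check_scim_params(url, token)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        url.strip() + "ServiceProviderConfig",
        headers={
            "Authorization": "Bearer " + token,
            "Accept": "application/scim+json",
        },
        method="GET",
    )

if __name__ == "__main__":
    # A URL copied without https and without the trailing slash, and a
    # token with a stray space, are both rejected before anything is sent.
    for msg in check_scim_params("http://scim.us-east-1.amazonaws.com/EXAMPLE/scim/v2", "tok en"):
        print("rejected:", msg)
    req = build_probe(SAMPLE_URL, SAMPLE_TOKEN)
    print(req.get_method(), req.full_url)
```

Passing the returned request to urllib.request.urlopen sends it; an HTTP 401 response indicates the token was not accepted.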