AWS Single Sign-On (SSO)
- AWS Single Sign-On is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage SSO access to all of the AWS accounts and cloud applications.
- AWS SSO also helps manage access and permissions to commonly used third-party software as a service (SaaS) applications, AWS SSO-integrated applications as well as custom applications that support SAML 2.0.
- AWS SSO includes a user portal where the end-users can find and access all their assigned AWS accounts, cloud applications, and custom applications in one place.
AWS SSO Features
- AWS Organizations Integration
  - Natively integrates with AWS Organizations and enumerates all the AWS accounts.
- SSO access to AWS accounts and cloud applications
  - Helps manage Single Sign-On across all the AWS accounts, cloud applications, AWS SSO-integrated applications, and custom SAML 2.0–based applications, without custom scripts or third-party SSO solutions.
- Create and manage users and groups in AWS SSO
  - Provides a default store to manage the users and groups directly in the console.
  - It also connects to an existing AWS Managed Microsoft AD directory and manages the users with standard Active Directory management tools provided in Windows Server.
- Leverage your existing corporate identities
  - Is integrated with Microsoft AD through the AWS Directory Service to allow users to sign in to the AWS Single Sign-On user portal using their corporate Active Directory credentials.
- Compatible with commonly used cloud applications
  - Supports commonly used cloud applications such as Salesforce, Box, and Office 365.
- Easy to set up and monitor usage
  - Is quick to set up, highly available, and provides a completely secure infrastructure that scales to your needs and does not require software or hardware to manage.
  - Integrates with AWS CloudTrail, providing the visibility to monitor and audit Single Sign-On activity in one place.
- Co-exists with existing IAM users, roles, and policies
  - Has no impact on the users, roles, or policies that are already managed in IAM.
- No-cost identity management
  - Available at no additional cost.
AWS SSO Identity Source
- AWS SSO identity store
  - Provides a default store to create and manage the users and groups, and assign their level of access to the AWS accounts and applications.
- Active Directory
  - Supports self-managed Active Directory (AD) or AWS Managed Microsoft AD directory using AWS Directory Service.
- External identity provider
  - Supports external identity providers (IdP) such as Okta or Azure AD.
AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
- Open to further feedback, discussion and correction.
- Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console?
  - Amazon Connect
  - AWS Single Sign-On
  - Amazon Pinpoint
  - Amazon Rekognition