AWS Single Sign-On SSO

AWS Single Sign-On SSO

  • AWS Single Sign-On is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage SSO access to all of the AWS accounts and cloud applications.
  • AWS SSO also helps manage access and permissions to commonly used third-party software as a service (SaaS) applications, AWS SSO-integrated applications as well as custom applications that support SAML 2.0.
  • AWS SSO includes a user portal where the end-users can find and access all their assigned AWS accounts, cloud applications, and custom applications in one place.

AWS SSO Features

  • AWS Organizations Integration
    • natively integrates with AWS Organizations and enumerates all the AWS accounts.
  • SSO access to AWS accounts and cloud applications
    • helps manage Single Sign-On across all the AWS accounts, cloud applications, AWS SSO-integrated applications, and custom SAML 2.0–based applications, without custom scripts or third-party SSO solutions.
  • Create and manage users and groups in AWS SSO
    • provides a default store to manage the users and groups directly in the console.
    • It also connects to an existing AWS Managed Microsoft AD directory and manages the users with standard Active Directory management tools provided in Windows Server.
  • Leverage your existing corporate identities
    • is integrated with Microsoft AD through the AWS Directory Service to allow sign-in to the AWS Single Sign-On user portal using their corporate Active Directory credentials.
  • Compatible with commonly used cloud applications
    • supports commonly used cloud applications such as Salesforce, Box, and Office 365.
  • Easy to set up and monitor usage
    • Is quick to set up, highly available and provides a completely secure infrastructure that scales to the needs and does not require software or hardware to manage.
    • Integrates with AWS CloudTrail providing the visibility to monitor and audit Single Sign-On activity in one place.
  • Co-exists with existing IAM users, roles, and policies
    • has no impact on the users, roles, or policies that are already managed in IAM.
  • No-cost identity management
    • available at no additional cost.

AWS SSO Identity Source

  • AWS SSO identity store
    • provides a default store to create and manage the users and groups, and assign their level of access to the AWS accounts and applications.
  • Active Directory
    • Supports self-managed Active Directory (AD) or AWS Managed Microsoft AD directory using AWS Directory Service.
  • External identity provider
    • Supports external identity providers (IdP) such as Okta or Azure AD.

AWS SSO Use Case

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console?
    1. Amazon Connect
    2. AWS Single Sign-On
    3. Amazon Pinpoint
    4. Amazon Rekognition