Configuration
AWS Identity Center (IC/SSO) Setup Guide
Step-by-step instructions for configuring AWS SSO with External IDP
AWS Identity Center (IC/SSO) Setup Guide
This document provides a high-level overview of how to configure AWS IAM Identity Center (AWS Single Sign-On) with Google Workspace and Microsoft Entra ID (formerly Azure AD) as identity providers.Prerequisites
- AWS Account with IAM Identity Center enabled.
- Administrative access to Google Workspace or Microsoft Entra ID.
- Domain verified within the identity provider.
- Access to AWS Management Console.
Configuration Steps
1. Enable IAM Identity Center
- Log in to the AWS Management Console.
- Navigate to IAM Identity Center.
- Click Enable if not already enabled.
2. Setup Identity Provider (IdP)
Follow the AWS documentation for configuring SAML-based SSO with your provider:-
Google Workspace:
- Use this guide
- AWS Blog instructions
-
Microsoft Entra ID:
- Use this guide
- AWS Blog instruction
3. Download Metadata
- From the IAM Identity Center Settings page, download the AWS SSO SAML metadata file.
- Import the metadata file into your IdP configuration.
4. Map Users and Groups
- Configure attribute mappings based on your organization’s requirements.
- Map required roles and permissions in AWS for the users and groups.
5. Test Configuration
- Assign test users to the application in your IdP.
- Attempt to sign in using the AWS SSO URL.
- Verify access and permissions.
Additional Resources
For more detailed configuration instructions, visit the AWS documentation:Notes
- AWS recommends enabling Multi-Factor Authentication (MFA) for additional security.
- Keep your metadata and certificates up to date to avoid service interruptions.