AWS Identity Center (IC/SSO) Setup Guide

This document provides a high-level overview of how to configure AWS IAM Identity Center (AWS Single Sign-On) with Google Workspace and Microsoft Entra ID (formerly Azure AD) as identity providers.

Prerequisites

  1. AWS Account with IAM Identity Center enabled.

  2. Administrative access to Google Workspace or Microsoft Entra ID.

  3. Domain verified within the identity provider.

  4. Access to AWS Management Console.

Configuration Steps

1. Enable IAM Identity Center

  1. Log in to the AWS Management Console.

  2. Navigate to IAM Identity Center.

  3. Click Enable if not already enabled.

2. Set Up Identity Provider (IdP)

Follow the AWS documentation for configuring SAML-based SSO with your provider:

3. Download Metadata

  1. From the IAM Identity Center Settings page, download the AWS SSO SAML metadata file.

  2. Import the metadata file into your IdP configuration.

4. Map Users and Groups

  1. Configure attribute mappings based on your organization’s requirements.

  2. Map required roles and permissions in AWS for the users and groups.

5. Test Configuration

  1. Assign test users to the application in your IdP.

  2. Attempt to sign in using the AWS SSO URL.

  3. Verify access and permissions.
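As an added example (not part of this guide or of any AWS tooling), the following Python checks a downloaded IAM Identity Center SP metadata file before it is imported into the IdP in step 3: it reads validUntil, WantAssertionsSigned and the AssertionConsumerService endpoints and reports anything that should block the import. The embedded sample metadata, its region, directory id and URLs are constructed placeholders, not real values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample shaped like the SP metadata IAM Identity Center exports;
# the region, directory id and URLs are hypothetical placeholders, not real values.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example-region.signin.aws.amazon.com/platform/saml/d-EXAMPLE"
    validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-region.signin.aws.amazon.com/platform/saml/acs/d-EXAMPLE"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def check_sp_metadata(xml_text, now=None):
    """Return (findings, issues); any issue should block importing the file into the IdP."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SP metadata: SPSSODescriptor element missing")
    issues = []
    # validUntil is optional; a past value means the file must be re-downloaded
    # (step 3 above), otherwise sign-in fails once the IdP enforces the expiry.
    valid_until = root.get("validUntil")
    expired = bool(valid_until) and \
        datetime.fromisoformat(valid_until.replace("Z", "+00:00")) <= now
    if expired:
        issues.append(f"metadata expired on {valid_until}; download a fresh copy")
    # Assertions carry the user's identity and group claims; require them signed.
    assertions_signed = sp.get("WantAssertionsSigned", "false").lower() == "true"
    if not assertions_signed:
        issues.append("WantAssertionsSigned is not true")
    # Every endpoint the IdP will POST assertions to must be HTTPS.
    acs_urls = [a.get("Location", "") for a in sp.findall("md:AssertionConsumerService", NS)]
    if not acs_urls:
        issues.append("no AssertionConsumerService endpoint")
    issues += [f"non-HTTPS ACS endpoint: {u}" for u in acs_urls if not u.startswith("https://")]
    findings = {"entity_id": root.get("entityID"), "acs_urls": acs_urls,
                "expired": expired, "assertions_signed": assertions_signed}
    return findings, issues
```

Run it against the real file you downloaded in step 3 (replace SAMPLE_METADATA with its contents) and record the entity id and ACS URLs it prints so they can be compared with what the IdP shows after import.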

Additional Resources

For more detailed configuration instructions, visit the AWS documentation:

Notes

  • AWS recommends enabling Multi-Factor Authentication (MFA) for additional security.

  • Keep your metadata and certificates up to date to avoid service interruptions.

Additional Configurations are available for: