Today OneLogin is excited to announce our new integration with AWS Single Sign-On (AWS SSO). Customers who use both OneLogin and AWS SSO can take advantage of this integration to ensure users access the appropriate resources in their multi-role, multi-account AWS environments.
As an Advanced APN Partner with a Security Competency, OneLogin is a trusted IAM platform for AWS customers that employ an identity management strategy as part of AWS’s Shared Responsibility Model. We’re excited to collaborate with AWS on this initiative which builds upon our existing functionalities to provide secure, unified access to cloud and on-prem environments.
What is AWS Single Sign-On?
AWS Single Sign-On makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. With AWS SSO, you can easily manage access and user permissions to all of your accounts in AWS Organizations centrally. AWS SSO configures and maintains all the necessary permissions for your accounts automatically, without requiring any additional setup in the individual accounts.
Why OneLogin and AWS Single Sign-On?
When you configure accounts and roles for user access across your multi-account and multi-role AWS environment, you may experience a situation where AWS admins want control over granular access patterns for users, rather than using IAM solutions to manage this process.
When AWS admins use AWS SSO, they can create predefined sets of permissions for different types of users. The OneLogin cloud-based Identity and Access Management (IAM) integration then enables IT teams to centrally manage and automatically provision users and assign them to right permission sets, as defined by business needs.
How does it work?
The integration is completely cloud-based, so no software installation is required.
The integration leverages OneLogin’s authentication and user lifecycle management capabilities to keep users in sync with AWS SSO. When you onboard a user into OneLogin, OneLogin uses SCIM standard APIs to create a new user account in AWS. With the same APIs that use OneLogin’s powerful rules engine, the user is automatically assigned to the appropriate set of AWS SSO permissions based on their role, job title, or any other criteria defined by IT. Our Secure AWS Access with OneLogin Infographic will give you an overview of how we flow from authentication to user lifecycle management.
More importantly, thanks to real-time provisioning, if a user’s OneLogin account is suspended for any reason, this integration with SCIM APIs immediately disables the user’s AWS SSO account, greatly enhancing security.
Try it for yourself
The new OneLogin for AWS Single Sign-On provides AWS customers with enterprise automation and scalability as they build out their AWS environment, based on best practices gained from working with hundreds of Enterprise organizations migrating to the cloud.
The integration is available today — Try it yourself by creating a OneLogin Developer Account and following instructions in our joint setup guide. If you’re a OneLogin customer who uses AWS SSO and want to enable the integration in your environment, contact your OneLogin Account Manager.