OneLogin Life-Cycle management with AWS SSO

Today OneLogin is excited to announce our new integration with AWS Identity and Access Management (AWS IAM). Customers who use both OneLogin and AWS IAM can take advantage of this integration to ensure users access the appropriate resources in their multi-role, multi-account AWS environments.

As an Advanced APN Partner with a Security Competency, OneLogin is a trusted IAM platform for AWS customers that employ an identity management strategy as part of AWS’s Shared Responsibility Model. We’re excited to collaborate with AWS on this initiative which builds upon our existing functionalities to provide secure, unified access to cloud and on-prem environments.

What is AWS Identity and Access Management?

AWS Identity and Access Management makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. With AWS IAM, you can easily manage access and user permissions to all of your accounts in AWS Organizations centrally. AWS IAM configures and maintains all the necessary permissions for your accounts automatically, without requiring any additional setup in the individual accounts.

Why OneLogin and AWS Identity and Access Management?

When you configure accounts and roles for user access across your multi-account and multi-role AWS environment, you may experience a situation where AWS admins want control over granular access patterns for users, rather than using IAM solutions to manage this process.

When AWS admins use AWS IAM, they can create predefined sets of permissions for different types of users. The OneLogin cloud-based Identity and Access Management (IAM) integration then enables IT teams to centrally manage and automatically provision users and assign them to the right permission sets, as defined by business needs.

How does it work?

The integration is completely cloud-based, so no software installation is required.

The integration leverages OneLogin’s authentication and user lifecycle management capabilities to keep users in sync with AWS IAM. When you onboard a user into OneLogin, OneLogin uses SCIM standard APIs to create a new user account in AWS. With the same APIs that use OneLogin’s powerful rules engine, the user is automatically assigned to the appropriate set of AWS IAM permissions based on their role, job title, or any other criteria defined by IT. Our Secure AWS Access with OneLogin Infographic will give you an overview of how we flow from authentication to user lifecycle management.

More importantly, thanks to real-time provisioning, if a user’s OneLogin account is suspended for any reason, this integration with SCIM APIs immediately disables the user’s AWS IAM account, greatly enhancing security.
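The provisioning and deprovisioning flow described above can be illustrated with the SCIM 2.0 messages it relies on. The following is an added example, not OneLogin's or AWS's code: the request bodies follow the SCIM core schema (RFC 7643) and PatchOp format (RFC 7644), while the rule table, group names, and in-memory `MockScimServer` standing in for the real endpoint are constructed assumptions. The actual integration's rule syntax and how AWS maps groups to permission sets are not shown on this page.

```python
"""Constructed SCIM 2.0 provisioning walk-through: create, assign, suspend."""
import uuid

# Hypothetical rule table: an IdP attribute (job title) selects the SCIM group
# that a permission set would be attached to. Names are assumptions.
PERMISSION_SET_RULES = {
    "Software Engineer": "AWS-Developers",
    "SRE": "AWS-Operators",
}
DEFAULT_GROUP = "AWS-ReadOnly"  # least-privilege fallback when no rule matches


def scim_user_payload(username, given, family, email, job_title):
    """Body for POST /Users (RFC 7643 core User schema)."""
    return {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": username,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": email, "primary": True}],
        "title": job_title,
        "active": True,
    }


def scim_deactivate_payload():
    """Body for PATCH /Users/{id} that flips active to false (RFC 7644 PatchOp)."""
    return {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": [{"op": "replace", "value": {"active": False}}],
    }


def scim_group_add_payload(user_id):
    """Body for PATCH /Groups/{id} adding one member."""
    return {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": [
            {"op": "add", "path": "members", "value": [{"value": user_id}]}
        ],
    }


class MockScimServer:
    """In-memory stand-in for the SCIM endpoint so the flow runs offline."""

    def __init__(self):
        self.users = {}   # id -> user resource
        self.groups = {}  # group name -> set of member ids

    def post_user(self, body):
        uid = str(uuid.uuid4())
        self.users[uid] = dict(body, id=uid)
        return self.users[uid]

    def patch_user(self, uid, body):
        for op in body["Operations"]:
            if op["op"] == "replace" and "path" not in op:
                self.users[uid].update(op["value"])
        return self.users[uid]

    def patch_group(self, name, body):
        members = self.groups.setdefault(name, set())
        for op in body["Operations"]:
            if op["op"] == "add" and op["path"] == "members":
                members.update(m["value"] for m in op["value"])
        return sorted(members)


def assigned_group(job_title):
    """Rules-engine stand-in: pick the group for a job title, else the default."""
    return PERMISSION_SET_RULES.get(job_title, DEFAULT_GROUP)


def onboard(server, username, given, family, email, job_title):
    """Create the user, then add it to the group the rule selects."""
    user = server.post_user(scim_user_payload(username, given, family, email, job_title))
    group = assigned_group(job_title)
    server.patch_group(group, scim_group_add_payload(user["id"]))
    return user["id"], group


def suspend(server, uid):
    """Mirror an IdP suspension: deactivate the SCIM user; returns new active flag."""
    return server.patch_user(uid, scim_deactivate_payload())["active"]


if __name__ == "__main__":
    srv = MockScimServer()
    uid, group = onboard(srv, "jdoe", "Jane", "Doe", "jdoe@example.com", "SRE")
    print(f"created {uid} in {group}, active={srv.users[uid]['active']}")
    print(f"after suspend, active={suspend(srv, uid)}")
```

The deactivation step is the one worth checking in a real deployment: confirm that a suspended identity-provider user actually shows `active: false` on the AWS side, since group membership alone still leaves a live account.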

To get started, check out AWS’s “What’s New” article about this launch and see our joint documentation at AWS IAM-OneLogin Integration.

Try it for yourself

The new OneLogin for AWS IAM provides AWS customers with enterprise automation and scalability as they build out their AWS environment, based on best practices gained from working with hundreds of Enterprise organizations migrating to the cloud.

The integration is available today. Try it yourself by creating a OneLogin Trial Account and following the instructions in our joint setup guide. If you’re a OneLogin customer who uses AWS IAM and want to enable the integration in your environment, contact your OneLogin Account Manager.

About the Author

John Offenhartz

John Offenhartz is the Lead Product Owner of all of OneLogin’s integration and development programs. John’s previous experiences cover over twenty years in Cloud-based Development and Product Management with such companies as Microsoft, Netscape, Oracle and SAP.
