VPN Endpoint Authentication Issue with Azure SAML Provider

0

I've configured a VPN endpoint with Federated authentication using Azure as the SAML provider. However, I'm facing an issue with the Authorization rules. When I choose "Allow access to users in a specific access group" and specify the Access group ID, it doesn't work when accessing the VPN client. On the other hand, if I select "Allow access to all users," I can successfully access AWS resources. I would greatly appreciate your assistance with this matter.

1 answer
1

Hello.

Check Access Group Configuration in Azure: First, verify that your Azure Access Group is configured correctly. Ensure that the users who should have access to the VPN are added to this Access Group. Also, double-check the Access Group ID to make sure it's accurate.

SAML Token Issuance: Make sure that Azure is correctly issuing SAML tokens to your VPN endpoint. You can do this by checking the Azure SAML token configuration. Ensure that the SAML assertions contain the necessary information for authentication and authorization.

Best regards, Andrii

Expert
Answered 8 months ago
Expert
Reviewed 16 days ago
  • I've figured it out. When authorizing ingress, you can select “Allow access to users in a specific access group.” AzureAD sends over the Access Group ID as the group's GUID. To get this, go to Groups in AzureAD and you will see it listed next to the group name. Just copy the Object Id and add it to the VPN authorizing rule.
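The answer's second point (confirm that the SAML assertion actually carries the group information the authorization rule needs) and the follow-up comment (the rule must contain the group's Object ID, not its name) can both be checked offline against a decoded assertion. The script below is an added example, not code from this thread or from AWS or Azure. It assumes that the IdP emits group membership in a SAML attribute named `memberOf` (the attribute name AWS Client VPN matches group-based authorization rules against) and that the SAMLResponse has already been base64-decoded; the assertion, issuer, NameID and GUIDs in it are constructed placeholders.

```python
"""Check a decoded SAML assertion for the group attribute that an AWS Client VPN
'Allow access to users in a specific access group' rule is matched against.

Added example; not code from the re:Post thread, AWS or Azure.
Assumptions: the assertion XML is already base64-decoded, and the IdP sends
group membership in an attribute named "memberOf". The sample assertion and
every GUID in it are constructed placeholders.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
GROUP_ATTRIBUTE = "memberOf"  # assumption: the attribute name the VPN rule reads

# Constructed sample assertion (placeholder tenant, user and group Object IDs).
SAMPLE_ASSERTION = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
        <saml:AttributeValue>66666666-7777-8888-9999-aaaaaaaaaaaa</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def attribute_values(assertion_xml: str, name: str) -> list[str]:
    """Return every AttributeValue of the SAML attribute with the given (case-sensitive) Name."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == name:
            values.extend((v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS))
    return values


def group_rule_matches(assertion_xml: str, access_group_id: str) -> bool:
    """True when the configured access group Object ID appears in the memberOf values.
    GUIDs are hex, so the comparison ignores case (the portal may show either casing)."""
    groups = [g.lower() for g in attribute_values(assertion_xml, GROUP_ATTRIBUTE)]
    return access_group_id.strip().lower() in groups


def diagnose(assertion_xml: str, access_group_id: str) -> str:
    """Explain why a group-scoped authorization rule would pass or fail for this assertion."""
    groups = attribute_values(assertion_xml, GROUP_ATTRIBUTE)
    if not groups:
        return f"no '{GROUP_ATTRIBUTE}' attribute in assertion: group rules cannot match"
    if group_rule_matches(assertion_xml, access_group_id):
        return "rule matches"
    return f"group {access_group_id} not in {GROUP_ATTRIBUTE} values {groups}"


if __name__ == "__main__":
    # A captured SAMLResponse arrives base64-encoded in the POST body; decode it first.
    encoded = base64.b64encode(SAMPLE_ASSERTION.encode()).decode()
    xml_text = base64.b64decode(encoded).decode()
    print(diagnose(xml_text, "11111111-2222-3333-4444-555555555555"))
    print(diagnose(xml_text, "deadbeef-0000-0000-0000-000000000000"))
```

Two things the script deliberately does not do: it does not verify the assertion's signature (it is a configuration diagnostic, not a replacement for the service's own validation), and it parses with the standard-library `xml.etree`, which is fine for an assertion you decoded yourself but should be swapped for `defusedxml` in any tool that parses XML from untrusted parties.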
