- Newest
- Most votes
- Most comments
Yes, it is possible to use single sign-on (SSO) with SSH connections to Amazon Elastic Compute Cloud (EC2) instances using Azure Active Directory (AAD) and the Azure AD Application Proxy. Here is a high-level overview of the process:
Set up Azure AD and the Application Proxy: If you don't already have an Azure AD tenant, you will need to create one. Then, you will need to enable the Application Proxy service in Azure AD. Create an Azure AD application:
In the Azure AD portal, create a new application. Select "Web application and/or Web API" as the type of application. Set the Sign-on URL to the URL of the Application Proxy service.
Configure the Azure AD application:
In the Azure AD portal, configure the application to use SAML-based single sign-on. Set the reply URL to the URL of the Application Proxy service.
Set up the SSH server: On the EC2 instance, install and configure an SSH server that supports SAML authentication, such as the open-source OpenSSH server.
Follow the instructions for the chosen SSH server to configure SAML authentication using the metadata provided by the Azure AD application.
Connect to the SSH server: To connect to the SSH server, you will need to use an SSH client that supports SAML authentication, such as the open-source OpenSSH client.
Follow the instructions for the chosen SSH client to authenticate using your O365 account via SAML. I hope this helps! Let me know if you have any questions.
Relevant content
- Accepted Answerasked 8 months ago
- asked a year ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 8 months ago
Thank you! But seems this solution is for integration with On-Prem servers. I am looking to get the following: Use the Office 365 credentials (Azure AD accounts) to SSH the AWS ec2 instances. Would you please rephrase your answer?