Temporary elevated access with Entra ID SSO

Hello,

We have an AWS Organization with multiple accounts. On one account IAM Identity Center is connected with our MS Entra ID to provide SSO and management of permission sets to the whole organisation. We want to implement a solution for temporary elevated access management.

On the one hand, I've found AWS TEAM on GitHub. I couldn't find anything on whether it works with external IdPs.

On the other hand, there's this AWS documentation page: https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html mentioning three partner solutions, Okta, CyberArk and Tenable. At least Okta is a SaaS for an IdP. So at least there, I would need to connect my Entra ID to Okta, which is then connected to AWS, right? What about the other two? Is it the same as with Okta?

Thx for any information shared!

asked a month ago, 46 views
1 Answer

AWS Documentation: https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html

If you have Entra as your SSO provider, and have the appropriate enterprise license level, there is a Privileged Access workflow. The feature is called PIM, or Privileged Identity Management.
Microsoft Documentation: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure

AWS
answered a month ago
