
Recommendation on SSO integration with multiple IDP's

0

We have a partner that is a SaaS provider, providing data analytics services to customers. Each customer has an AWS account under Control Tower and Organizations. Several customers are asking for SSO, integrating with their individual Microsoft AD directories. Since Identity Center does not support multiple IdPs, are there any recommendations on how the partner can provide their customers with SSO integration with their unique IdP?

1 Answer
0

Each account can have its own IdP configured within IAM for use in certain scenarios such as VPN SSO. Each account can also have its own Identity Center configuration.

Option 1 - IAM IdP federation in each account
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html#id_roles_providers_iam
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html

Option 2 - Account instance Identity Center deployment in each account with SSO federation
https://aws.amazon.com/blogs/security/how-to-use-multiple-instances-of-aws-iam-identity-center/

See case 5

Case 5: An AWS Organizations deployment with an organization instance can opt-in to having account instances in member accounts in the organization.

EXPERT
answered 2 months ago
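For Option 1 above, the part that matters for security is the trust policy on the role each customer's IdP is allowed to assume: it should name only that account's own SAML provider as the federated principal, and it should require the `SAML:aud` value that AWS places in assertions issued for AWS sign-in, so an assertion minted for some other service provider cannot be replayed against STS. The following is an added example, not code from the answer above or from AWS; it builds that trust policy for a per-account SAML provider and lints an existing policy for the two common weaknesses (wildcard or foreign federated principal, missing `SAML:aud` condition). The account ID, provider name and role name are constructed placeholders, and the output is meant to be fed to `aws iam create-role --assume-role-policy-document`.

```python
"""Build and lint the IAM role trust policy used for per-account SAML federation.

Added example for the Option 1 pattern; not from the re:Post answer or AWS.
Account IDs and provider names below are constructed placeholders.
"""
import json

# Audience AWS puts in SAML assertions for console/CLI federation.
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_provider_arn(account_id: str, provider_name: str) -> str:
    """ARN of a SAML identity provider created in IAM in the given account."""
    return f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"


def build_trust_policy(account_id: str, provider_name: str) -> dict:
    """Trust policy allowing only assertions from this account's own IdP,
    and only when the assertion was issued for the AWS sign-in audience."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": saml_provider_arn(account_id, provider_name)},
                "Action": "sts:AssumeRoleWithSAML",
                "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
            }
        ],
    }


def lint_trust_policy(policy: dict, account_id: str) -> list:
    """Return findings for a federation trust policy; an empty list means OK.

    Every Allow statement for sts:AssumeRoleWithSAML must name a federated
    principal that is a SAML provider in this account (no wildcard, no other
    account) and must carry the SAML:aud == AWS sign-in audience condition.
    """
    findings = []
    expected_prefix = f"arn:aws:iam::{account_id}:saml-provider/"
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithSAML" not in actions:
            continue
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if principal == "*" or federated in (None, "*"):
            findings.append(f"statement {i}: federated principal is missing or wildcard")
        elif not str(federated).startswith(expected_prefix):
            findings.append(
                f"statement {i}: principal {federated} is not a SAML provider in account {account_id}"
            )
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("SAML:aud") != AWS_SAML_AUDIENCE:
            findings.append(f"statement {i}: missing SAML:aud == {AWS_SAML_AUDIENCE} condition")
    return findings


if __name__ == "__main__":
    # Constructed placeholders: one customer account, one IdP registered in it.
    account = "111111111111"
    policy = build_trust_policy(account, "CustomerA-AD")
    print(json.dumps(policy, indent=2))  # feed to: aws iam create-role --assume-role-policy-document file://...
    print("findings:", lint_trust_policy(policy, account))
```

Run the lint over the trust policies returned by `aws iam get-role` for every federation role in each member account; a non-empty findings list means a role that either trusts an IdP outside the account or accepts assertions not issued for AWS sign-in.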
