1 Answer
Unfortunately, I am worried to convey that no, it is not possible to use AWS Managed AD as an OAuth/SSO provider for external applications. AWS Managed AD only supports NTLM and Kerberos authentication; if there is a requirement to integrate an OAuth/SSO solution, you must use AWS SSO (Identity Center) or deploy an ADFS server.
Moreover, AWS Managed AD doesn’t have a public IP address, so it cannot provide internet-facing authentication.
Lastly, I have shared a blog link below that clearly explains how Kerberos works.
[+] Everything you wanted to know about trusts with AWS Managed Microsoft AD https://aws.amazon.com/blogs/security/everything-you-wanted-to-know-about-trusts-with-aws-managed-microsoft-ad/
I hope the above information is helpful.
I guessed this was the case. The public IP address isn't an issue as all of the accessing resources are within the account (and AWS networks). I'll have to look into Azure AD and federation I suppose.