Chapter 2
Configuring user provisioning for Amazon Web Services (Amazon Specific)
Note If you’re trying to configure provisioning for the Amazon Web Services: Amazon Specific + Provisioning app, you’re in the right place. If you’re trying to configure provisioning for the Amazon Web Services: SAML + Provisioning app, see Configuring user provisioning for Amazon Web Services (SAML).
This section includes the following topics:
"Creating the Amazon Web Services IAM user and generating the key values" on page 2-96
"Configuring Amazon Web Services in Admin Portal for automatic provisioning" on page 2-97
"Provisioning users for Amazon Web Services based on roles" on page 2-98
Creating the Amazon Web Services IAM user and generating the key values
In the Amazon Web Services Management Console, you generate the authentication keys that you’ll enter in Admin Portal to configure provisioning. For more details, see the Amazon Web Services documentation.
http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
http://docs.aws.amazon.com/STS/latest/UsingSTS/STSMgmtConsole-SAML.html
To generate the key values on the Amazon Web Services console:
1 Log in to the AWS Management console at https://aws.amazon.com using an account that has Administrator access.
Note In the AWS Management console, you assign permissions to groups by way of policies. You can assign policy templates, generate a policy, or create a custom policy. Consult the Amazon Web Services documentation for more information (http://docs.aws.amazon.com/IAM/latest/UserGuide/ControllingAccess.html).
2 Navigate to https://console.aws.amazon.com/iam/home?#security_credential
3 Click Continue to Security Credentials.
Note If you already have two Access Key IDs, you will need to delete an existing Access Key ID before you can create a new one.
6 Click Download Key File to download the Access Key ID and Secret Access Key. A .csv file containing the access keys for the users you created is downloaded. This is the only time you can download the access keys; keep this file, because you will need it to copy the access keys into Admin Portal when you configure provisioning.
7 Click Close.
You’re ready to add the application in Admin Portal and configure it for provisioning. For details, see Configuring Amazon Web Services in Admin Portal for automatic provisioning.
Configuring Amazon Web Services in Admin Portal for automatic provisioning
You can deploy SSO access to Amazon Web Services using either Amazon Web Services’ proprietary authentication method or SAML. Initially, Amazon Web Services supported only its own custom authentication method; it now also supports SAML. You can use either method for your deployment.
To configure Amazon Web Services in Admin Portal for automatic provisioning:
1 In Admin Portal, add, configure, and deploy the Amazon Web Services (AWS) Amazon Specific + Provisioning application. For details, see Configuring Amazon Web Services (Amazon Specific).
Tip Configure the rest of the application before enabling provisioning to simplify any necessary troubleshooting. Although SSO configuration isn’t required for provisioning to work, you do need to configure SSO so that provisioned users can access the application.
2 On the application’s Provisioning tab, select Enable provisioning for this application.
3 Select either Preview Mode or Live Mode.
Preview Mode: Use Preview Mode when you’re initially testing the application provisioning or making configuration changes. The cloud service does a test run to show you what changes it would make, but the changes aren’t saved.
Live Mode: Use Live mode when you want to use application provisioning in your
Enter the following information for the provisioning details:
Field        Description
Access Key   Paste in the Access Key from the IAM user that you created in Amazon Web Services.
Secret Key   Paste in the Secret Key from the IAM user that you created in Amazon Web Services.
Note If you’re using the Amazon Web Services application in Admin Portal that uses Amazon Web Services’ proprietary authentication configuration (the Web-Amazon version), you can re-use the keys that you entered on the Application Settings page here.
4 If needed, use the horizontal and vertical scroll bars to bring the Verify button into view.
5 Click Verify to have the cloud service verify the connection and save the provisioning details.
Provisioning users for Amazon Web Services based on roles
Here you specify an Admin Portal role, and users in that role are matched to existing or new accounts in Amazon Web Services with the roles that you specify.
When you change any role mappings, the cloud service synchronizes any user account or role mapping changes immediately.
Note How the cloud service determines duplicate user accounts: If the user accounts in the cloud service and the target application match for the fields that make an Amazon Web Services user unique, then the cloud service handles the user account updates according to your instructions. In many applications, the user’s email address or Active Directory userPrincipalName is the primary field used to identify a user, and in many cases the userPrincipalName is the email address. You can look at the application’s provisioning script to see the fields that the cloud service uses to match user accounts.
To automatically provision users with Amazon Web Services accounts:
1 First, make sure that you’ve entered and verified the provisioning credentials.
2 You specify which users have access to the application with the roles you add in the application’s User Access tab. You specify what kind of access users have in the target application by assigning roles in the Provisioning > Role Mappings area.
3 In the Provisioning page, scroll down to the Role Mappings section.
4 Select either Overwrite or Keep to specify what the cloud service does when it determines that the user already has an account in the target application.
Overwrite: Select Overwrite to update and overwrite the target application user account information with the cloud user account information.
Note If the target user account has a value for a user attribute that doesn’t exist in the cloud user account, then the cloud service leaves that target user account attribute value intact.
Keep: Select Keep to keep the target user account as it is; the cloud service skips the duplicate user account in the application and doesn’t update it.
Retain: If you select Keep, you can also select Retain to keep the existing target application user account active when changes in roles or role mappings result in the user no longer being assigned and provisioned to the application. To deprovision users when they are no longer assigned and provisioned to the application, do not select this option.
5 Click Add to add role mappings and specify which users get provisioned to this application.
The Role Mapping dialog box opens.
6 Select a Role and click Add.
7 Select a Destination Group.
8 Click Done to save the role mapping and return to the Provisioning page.
9 Continue adding role mappings, as desired.
To change a mapping, select the role mapping and click Modify. To remove a mapping, select the role mapping and click Delete.
Note The provisioning script is intended for advanced users who are familiar with editing server-side JavaScript code.