ADFS + IAM
Download as PPTX, PDF0 likes2,555 views
This document discusses using Active Directory Federation Services (ADFS) with AWS Identity and Access Management (IAM) for single sign-on. It provides reasons for using ADFS like low cost, controlling AWS access through existing business processes, and audit trails. Technically, ADFS allows SAML integration with IAM and maps existing Active Directory users and groups to manage permissions without recreating accounts. The document walks through setting up a test ADFS environment, configuring an IAM identity provider, defining IAM roles, and enabling single sign-on access to AWS services using AD groups. Resources for the original configuration guide and IAM policy generation are also provided.
ADFS + IAM
- 1. F O R E N T E R P R I S E A W S ADFS + IAM Single Sign On
- 2. Introduction Cloud Architect and Engineer Background in Systems Administration Large scale E-Commerce systems Media scale events Helping companies migrate to Cloud Services 3 Data centre design rebuilds 4 complete migrations to AWS OpenSource Enthusiast http://dev.squarecows.com Yes it pains me to talk about ADFS
- 3. Why ADFS? Business Reasons Little entry cost Provides your existing business process with the ability to control access to AWS services Provides an audit trial (using cloudtrail) Technical Reasons SAML integration (Security Assertion Markup Language) Connects with IAM seamlessly Uses existing infrastructure No need to recreate all your users in IAM and manage them by hand Map IAM policies to AD Groups Active Directory Federation Services
- 4. Deeper into ADFS My Test Setup Based on original RE:Invent presentation setup Single AD server running in AWS ADFS 2.0 installed on the AD controller MS Suggested setup HA AD Servers Dual ADFS 2.0 stand alone servers Load balancer for ADFS
- 5. How it all Works
- 6. How it all Works
- 7. Setting up IAM Requirements AD +ADFS setup Downloaded ADFS metadata AWS-Prod and AWS-Dev Groups in AD A User in these groups Create Identity Provider on IAM Create IAM Roles and grant SSO permissions Setup ADFS Trust and mappings Identity Access management
- 8. Setting up IAM Identity Access management
- 9. Setting up IAM Identity Access management
- 10. Setting up IAM Identity Access management
- 11. Setting up IAM Identity Access management
- 12. Setting up IAM Identity Access management
- 13. Setting up IAM Identity Access management
- 14. Setting up IAM Identity Access management
- 15. Setting up IAM Identity Access management
- 16. Setting up IAM Identity Access management
- 17. Setting up IAM Identity Access management
- 18. Setting up IAM Identity Access management
- 19. Setting up IAM Identity Access management
- 20. Login In Sign into ADFS Pick Your Role Enjoy AWS
- 21. Useful Resources Original ADFS + IAM guide http://goo.gl/kM4V4Y AWS IAM Policy Generator http://goo.gl/vpTdBQ
- 22. Beyond AWS Services WorkSpaces https://aws.amazon.com/workspaces/ AD integration
- 23. Questions??? Twitter: @ric_harvey Or via Email: richard.harvey@intechnica.co.uk