  1. Configure your SSO identity store using the single sign-on guide.

  2. From the Single Sign-On configuration page, customize the start URL for your user portal so that it's easier to remember. Note that the start URL cannot be modified once it has been customized.

  3. Accept the invitation in your email to join AWS SSO.

  4. Sign out of the IAM management user and sign in to the newly created SSO portal.

Google Sign In

If you’re using Google as a sign-in provider, you’ll also want to deploy the sso-sync Lambda to automatically provision user accounts in Identity Center. Otherwise, users will need to be manually added in both Google and AWS.

  1. Set Google as an external identity provider using the above guide.

  2. Create a dedicated Identity account for managing SSO identities. You can add this to the accounts.yaml file from the template.

  3. Delegate IAM administration from the Management account to the Identity account following the delegated administration guide.

  4. Deploy the sso-sync Lambda to the Identity account. You can follow the guide in the sso-sync README.