Configure your SSO identity store using the single sign-on guide.
From the Single Sign-On configuration page, customize the start URL for your user portal so that it's easier to remember. Note that your start URL cannot be modified once it has been customized.
Delegate IAM administration from the Management account to the Identity account following the delegated administration guide.
Accept the invitation in your email to join AWS SSO.
Sign out of the IAM management user and sign in to the newly created SSO portal.
Google Sign In
If you’re using Google as a sign-in provider, you’ll also want to deploy the sso-sync Lambda to automatically provision user accounts in Identity Center. Otherwise, users will need to be manually added in both Google and AWS.
Set Google as an external identity provider using the above guide.
Create a dedicated Identity account for managing SSO identities. You can add this to the accounts.yaml file from the template.
Deploy the sso-sync Lambda to the Identity account. You can follow the guide in the sso sync README.