Identity Management With AWS Single Sign-On (SSO)

Erik Rush | April 14, 2021


In the broadest sense, identity management (often referred to as identity and access management, or IAM) is the organizational process for ensuring that individuals have the appropriate access to technology resources. Specifically, it includes the identification, authentication and authorization of persons seeking access to applications, systems or networks. The identities being managed are users, which include customers, partners and employees; devices being accessed can include computers, smartphones, routers, servers, controllers and sensors.

The objective of identity management is to establish one digital identity per individual or item. Having done so, the digital identity must be maintained, modified and monitored throughout the access life cycle of each user or device. The overall goal is to grant access to the assets—and only those assets—to which users and devices have rights in a given context. 

AWS Single Sign-On: Detailed and Easy IAM 

Amazon Web Services (AWS) Identity and Access Management is the foundational authentication service offered by AWS. It provides detailed access to AWS resources through IAM users, groups and roles. These enable application owners to grant access to specific AWS API operations and resources. AWS Identity and Access Management controls how users gain access to AWS resources through supported resources.

AWS offers several authentication components, along with additional identity and authentication services that target more specific areas.

AWS Single Sign-On (SSO) is a service that centrally manages access to multiple AWS accounts and business applications, providing users with single sign-on access to all their assigned accounts and applications from one place. AWS Single Sign-On configures and maintains all of the necessary permissions for an organization’s accounts automatically, without requiring any additional setup in the individual accounts. Managers can assign user permissions based on common job functions and customize permissions to meet specific security requirements. AWS SSO also enables access to applications hosted in AWS or to external applications (e.g., Office 365, Salesforce). AWS SSO can connect to Microsoft Active Directory (including on-premises deployments), Azure Active Directory and Okta Universal Directory.

AWS Single Sign-On Benefits

Some of the key benefits of AWS Single Sign-On include:

Centrally manage access permissions. AWS SSO interacts with AWS Organizations to configure which AWS accounts users have access to and their respective permissions. With AWS SSO, managers can easily configure access and user permissions to all of an organization’s accounts in AWS Organizations centrally, with no additional setup needed within the individual accounts. Permissions based on common job functions can be defined, customized to meet specific security requirements, and assigned to users or groups in the specific accounts where they need access.

Create users in AWS SSO—or connect to existing identities. AWS SSO allows the option to create user identities and groups in AWS SSO. Organizations already using Microsoft Active Directory Domain Services, Okta Universal Directory, Azure AD, or another supported identity provider can access AWS with their existing credentials, and administrators can continue to manage users and groups in the existing identity source. 

Access to accounts and applications from one location. AWS Single Sign-On provides an easy-to-use portal for users. Here, they can find and access the roles they assume in their assigned AWS accounts and business applications, all in one place. AWS Single Sign-On also offers pre-configured SAML integrations to many business applications, including Salesforce, Box, and Microsoft 365. AWS continually monitors these integrations for changes, updating them automatically on behalf of organizations. Finally, the AWS SSO application configuration wizard helps users extend SSO access to any application that supports Security Assertion Markup Language (SAML) 2.0.
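A review of the central account assignments described above, as an added example (not code from the original article or from AWS): it checks records with the fields of an `sso-admin` ListAccountAssignments entry for permissions assigned directly to users instead of groups, for permission sets missing from the inventory, and for too many principals holding a privileged set in a sensitive account. All account IDs, ARNs, principal IDs, rule names and the limit are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. Each record has the fields of an entry returned by
# the sso-admin ListAccountAssignments API; every ID, ARN and name is made up.
PS = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/"
PS_NAMES = {PS + "ps-admin": "AdministratorAccess", PS + "ps-read": "ReadOnlyAccess"}
PROD, DEV = "111111111111", "222222222222"


def rec(account, ps, ptype, pid):
    return {"AccountId": account, "PermissionSetArn": PS + ps,
            "PrincipalType": ptype, "PrincipalId": pid}


ASSIGNMENTS = [
    rec(PROD, "ps-admin", "GROUP", "g-platform"),
    rec(PROD, "ps-admin", "USER", "u-alice"),   # bypasses group-based access
    rec(PROD, "ps-read", "GROUP", "g-dev"),
    rec(DEV, "ps-admin", "GROUP", "g-dev"),     # admin outside a sensitive account
]


def audit(assignments, ps_names, sensitive_accounts, privileged_sets, limit=1):
    """Return (rule, account_id, detail) findings for a list of assignments."""
    findings = []
    privileged = defaultdict(set)  # sensitive account -> principals with a privileged set
    for a in assignments:
        account, principal = a["AccountId"], a["PrincipalId"]
        name = ps_names.get(a["PermissionSetArn"])
        if name is None:
            # A permission set nobody has inventoried cannot be reviewed.
            findings.append(("unmapped-permission-set", account, a["PermissionSetArn"]))
            continue
        if a["PrincipalType"] == "USER":
            # Job-function access should come from group membership.
            findings.append(("direct-user-assignment", account, f"{principal} holds {name}"))
        if name in privileged_sets and account in sensitive_accounts:
            privileged[account].add(principal)
    for account, principals in sorted(privileged.items()):
        if len(principals) > limit:
            detail = f"{len(principals)} principals hold a privileged set"
            findings.append(("privileged-principal-count", account, detail))
    return findings


if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS, PS_NAMES, {PROD}, {"AdministratorAccess"}):
        print(finding)
```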


Order of the Cipher is an Amazon Web Services (AWS) training company and a novel approach to cybersecurity training that combines theatrical presentation with proven teaching techniques. We’ve mastered Amazon Web Services, and we’ve perfected how to showcase the versatility and capability of AWS technology in a manner that provides real-world immersion experiences that prepare students to expertly navigate the AWS ecosystem.
