SSO - Amazon Web Services (AWS)
Allow Foxpass users to log in to AWS via SSO
SSO Configuration
Configuring AWS as a service provider
- Click the 'Add' button for Amazon Web Services on the SSO - Service Providers page.
![Add AWS Service Provider](https://files.readme.io/8eaeb12-Screenshot_2024-01-02_at_12.25.48_PM.png)
- Give a name to the provider and click 'Ok'.
![Provide a name](https://files.readme.io/9d570a5-Screenshot_2024-01-02_at_12.27.55_PM.png)
- Click on the 'Metadata XML' button to download the Foxpass IDP Metadata XML file.
![Download Metadata XML](https://files.readme.io/212e32c-Screenshot_2024-01-02_at_12.31.45_PM.png)
- Log in to your AWS account, go to the IAM Management Console, and under Access Management, click on Identity Providers. Click the 'Add Provider' button on the top right, select "SAML" as the provider type, enter "Foxpass" as the provider name, and for the Metadata document, select the metadata file downloaded from step 3.
![Add Provider in AWS](https://files.readme.io/e3af54d-Screen_Shot_2021-03-23_at_3.00.22_PM.png)
- In your AWS account, go to the Identity Providers page and select 'foxpass'. On the next screen, click on the 'Assign Role' button on the top right and select the "Create a new role" option.
![Create a new role](https://files.readme.io/11b5175-Screen_Shot_2021-03-23_at_3.06.46_PM.png)
Select foxpass as your SAML provider and select the option "Allow programmatic and AWS Management Console access". Click on Next: Permissions.
![Screen Shot 2021-03-23 at 3.10.12 PM.png](https://files.readme.io/3e55058-Screen_Shot_2021-03-23_at_3.10.12_PM.png)
Select any necessary permissions or Administrator access depending on your requirements. Click on the Next: tags button, add any tags you want, and then click on the 'Next: review' button. Give a role name such as foxpass-sso-role and then click on the 'Create role' button.
![Screen Shot 2021-03-23 at 3.15.59 PM.png](https://files.readme.io/5bc7ad5-Screen_Shot_2021-03-23_at_3.15.59_PM.png)
- A. Go to your AWS roles page, select the newly created role, such as foxpass-sso-role, and copy the Role ARN shown at the top.
Copy role's ARN
B. Go to your AWS identity providers page, select foxpass, and copy the ARN as shown under the Summary section.
Copy IDP's ARN
- Go to the Foxpass Console, open the SSO Service Providers settings page, and click on the 'Configure' button under Amazon Web Services to open the configuration dialog. In the Custom fields, add the following key-value pair (note the comma between the ARNs):
key: aws_iam_info
value: ARN_ROLE_FROM_STEP_5A,ARN_IDENTITY_PROVIDER_FROM_STEP_5B
Click on 'Save Custom Fields'. Optionally select any specific Users or Groups to be allowed for SSO and then click the Save button.
![Configure Service Provider](https://files.readme.io/c7da0f4-Screenshot_2024-01-02_at_2.01.58_PM.png)
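A pre-flight check for the `aws_iam_info` value, as an added example that is not part of the Foxpass documentation or product. It assumes the role's trust policy is the one the AWS console generates for the "Allow programmatic and AWS Management Console access" option, and it flags spaces, commas inside role names, and cross-account ARN pairs because the value shown above has none of these; the function names, account ID, and sample policy are constructed for illustration.

```python
import re

# ARN shapes (standard "aws" partition). Commas are excluded from the role name
# here because the Foxpass field is comma-separated (assumption of this example).
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=.@/-]+$")
IDP_ARN = re.compile(r"^arn:aws:iam::(\d{12}):saml-provider/[\w.-]+$")
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

def _as_list(v):
    return [] if v is None else [v] if isinstance(v, (str, dict)) else list(v)

def trusts_provider(policy, idp_arn):
    """True if an Allow statement lets idp_arn assume the role via SAML sign-in."""
    for s in _as_list(policy.get("Statement")):
        principal = s.get("Principal")
        fed = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        aud = _as_list(s.get("Condition", {}).get("StringEquals", {}).get("SAML:aud"))
        if (s.get("Effect") == "Allow" and idp_arn in fed
                and "sts:AssumeRoleWithSAML" in _as_list(s.get("Action"))
                and AWS_SAML_AUDIENCE in aud):
            return True
    return False

def check_aws_iam_info(value, trust_policy):
    """Return a list of problems; an empty list means the value looks consistent."""
    parts = value.split(",")
    if len(parts) != 2:
        return ["expected exactly two ARNs separated by one comma"]
    problems = []
    if any(p != p.strip() for p in parts):
        problems.append("whitespace around an ARN")
    role_arn, idp_arn = (p.strip() for p in parts)
    role_m, idp_m = ROLE_ARN.match(role_arn), IDP_ARN.match(idp_arn)
    if not role_m:
        problems.append("first value is not an IAM role ARN")
    if not idp_m:
        problems.append("second value is not a SAML provider ARN")
    if role_m and idp_m and role_m.group(1) != idp_m.group(1):
        problems.append("role and provider are in different accounts")
    if idp_m and not trusts_provider(trust_policy, idp_arn):
        problems.append("role trust policy does not trust this SAML provider")
    return problems

# Constructed sample data: placeholder account ID, names taken from the steps above.
SAMPLE_VALUE = ("arn:aws:iam::123456789012:role/foxpass-sso-role,"
                "arn:aws:iam::123456789012:saml-provider/Foxpass")
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
    "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/Foxpass"},
    "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}}}]}
```

The trust policy document can be pasted in from the role's Trust relationships tab in the IAM console.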
Login via Console
Go to the SSO page in Foxpass. Click on 'Login' under the AWS service provider.
![Login to AWS](https://files.readme.io/70f1a8b-Screenshot_2024-01-02_at_2.27.01_PM.png)
Do not hesitate to reach out to us if you have any feedback or issues.