SSO - Amazon Web Services (AWS)
Allow Foxpass users to log in to AWS via SSO
SSO Configuration
Configuring AWS as a service provider
- Click the 'Add' button for Amazon Web Services on the SSO - Service Providers page.
- Give a name to the provider and click 'Ok'.
- Click on the 'Metadata XML' button to download the Foxpass IDP Metadata XML file.
- Log in to your AWS account, go to the IAM Management console, and under Access Management, click on Identity Providers. Click the 'Add Provider' button on the top right, select provider type as "SAML", enter provider name as "Foxpass" and for the Metadata document, select the metadata file downloaded from step 3.
- In your AWS account, go to the Identity Providers page, select 'foxpass'. In the next screen, click on the 'Assign Role' button on the top right and select the "Create a new role" option.
  Select foxpass as your SAML provider and select the option "Allow programmatic and AWS Management Console access". Click on Next: Permissions.
  Select any necessary permissions or Administrator access depending on your requirements. Click on the Next: tags button, add any tags you want, and then click on the 'Next: review' button. Give a role name such as foxpass-sso-role and then click on the 'Create role' button.
- A. Go to your AWS roles page, select the newly created role such as foxpass-sso-role and copy the Role ARN as shown at the top.
  B. Go to your AWS identity providers page, select foxpass, and copy the ARN as shown under the Summary section.
- Go to Foxpass Console, SSO Service providers settings page, click on the 'Configure' button under Amazon Web Services to open the configuration dialog. In the Custom fields, add the following key-value pair (note the comma between the ARNs):
  key: aws_iam_info
  value: ARN_ROLE_FROM_STEP_5A,ARN_IDENTITY_PROVIDER_FROM_STEP_5B
  Click on 'Save Custom Fields'.
  Optionally select any specific Users or Groups to be allowed for SSO and then click the Save button.
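A pre-save check for the aws_iam_info value, as an added example (not Foxpass or AWS code; the function names and sample ARNs are hypothetical). It assumes the role and the identity provider were created in the same AWS account, as in the steps above, and that the role's trust policy, if you pass it in as parsed JSON, should allow sts:AssumeRoleWithSAML for that provider.

```python
import re

# ARN shapes for an IAM role and an IAM SAML identity provider.
ROLE_ARN = re.compile(r"arn:(aws[a-z-]*):iam::(\d{12}):role/[\w+=,.@/-]+")
PROVIDER_ARN = re.compile(r"arn:(aws[a-z-]*):iam::(\d{12}):saml-provider/[\w.-]+")

def as_list(x):
    return x if isinstance(x, list) else [x]

def trusts_provider(policy, provider_arn):
    """True if an Allow statement lets provider_arn call sts:AssumeRoleWithSAML."""
    for s in as_list(policy.get("Statement", [])):
        principal = s.get("Principal")
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        if (s.get("Effect") == "Allow"
                and "sts:AssumeRoleWithSAML" in as_list(s.get("Action", []))
                and provider_arn in as_list(federated)):
            return True
    return False

def check_aws_iam_info(value, trust_policy=None):
    """Return a list of problems with an aws_iam_info value (empty list = OK)."""
    if any(c.isspace() for c in value):
        return ["value contains whitespace"]
    # Role names may contain commas, provider names may not: split on the last comma.
    role, sep, provider = value.rpartition(",")
    if not sep:
        return ["expected two ARNs separated by a comma"]
    if PROVIDER_ARN.fullmatch(role) and ROLE_ARN.fullmatch(provider):
        return ["ARNs are swapped: the role ARN goes first"]
    r, p = ROLE_ARN.fullmatch(role), PROVIDER_ARN.fullmatch(provider)
    problems = []
    if not r:
        problems.append("first item is not an IAM role ARN")
    if not p:
        problems.append("second item is not a SAML provider ARN")
    if r and p and r.groups() != p.groups():
        problems.append("role and provider are in different accounts")
    if p and trust_policy is not None and not trusts_provider(trust_policy, provider):
        problems.append("role trust policy does not trust this provider")
    return problems

# Constructed sample values; 123456789012 is a placeholder account ID.
ROLE = "arn:aws:iam::123456789012:role/foxpass-sso-role"
PROVIDER = "arn:aws:iam::123456789012:saml-provider/Foxpass"
TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"Federated": PROVIDER},
                        "Action": "sts:AssumeRoleWithSAML"}]}
if __name__ == "__main__":
    print(check_aws_iam_info(f"{ROLE},{PROVIDER}", TRUST))
```

An empty list means the value has the role ARN first, the provider ARN second, both in one account, and a trust policy that names the provider.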
Login via Console
Go to the SSO page in Foxpass. Click on 'Login' under AWS service provider.
Do not hesitate to reach out to us if you have any feedback or issues.