ADFS + IAM
Uploaded by richard-harvey
ADFS + IAM Single Sign On for Enterprise AWS
Introduction
Cloud Architect and Engineer
Background in Systems Administration
  Large scale E-Commerce systems
  Media scale events
Helping companies migrate to Cloud Services
  3 Data centre design rebuilds
  4 complete migrations to AWS
OpenSource Enthusiast http://dev.squarecows.com
Yes it pains me to talk about ADFS
Why ADFS?
Active Directory Federation Services
Business Reasons
  Little entry cost
  Provides your existing business process with the ability to control access to AWS services
  Provides an audit trail (using CloudTrail)
Technical Reasons
  SAML integration (Security Assertion Markup Language)
  Connects with IAM seamlessly
  Uses existing infrastructure
  No need to recreate all your users in IAM and manage them by hand
  Map IAM policies to AD Groups
Deeper into ADFS
My Test Setup
  Based on original re:Invent presentation setup
  Single AD server running in AWS
  ADFS 2.0 installed on the AD controller
MS Suggested setup
  HA AD Servers
  Dual ADFS 2.0 stand alone servers
  Load balancer for ADFS
How it all Works
Setting up IAM
Identity Access management
Requirements
  AD + ADFS setup
  Downloaded ADFS metadata
  AWS-Prod and AWS-Dev Groups in AD
  A User in these groups
Create Identity Provider on IAM
Create IAM Roles and grant SSO permissions
Set up ADFS Trust and mappings
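The setup steps above, sketched as an added example that is not part of the original slides: it builds the trust policy each federated IAM role needs and the SAML Role attribute values (https://aws.amazon.com/SAML/Attributes/Role) that ADFS must emit for a user's AD groups. The account ID, the provider name "ADFS" and the ADFS- role prefix are assumptions; only the AWS-Prod and AWS-Dev group names come from the slides.

```python
import json

# Assumptions (not from the slides): account ID, provider name and role naming.
ACCOUNT_ID = "123456789012"      # placeholder account ID
PROVIDER_NAME = "ADFS"           # hypothetical IAM SAML provider name
GROUP_PREFIX = "AWS-"            # AD groups on the slides: AWS-Prod, AWS-Dev
ROLE_PREFIX = "ADFS-"            # hypothetical role naming: AWS-Prod -> ADFS-Prod
ALLOWED_GROUPS = {"AWS-Prod", "AWS-Dev"}

PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/{PROVIDER_NAME}"


def trust_policy():
    """Trust policy for each federated role: only this SAML provider may
    assume it, and only for assertions addressed to the AWS sign-in endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {
                "SAML:aud": "https://signin.aws.amazon.com/saml"}},
        }],
    }


def role_claims(ad_groups):
    """Values for the SAML Role attribute: one 'role_arn,provider_arn' pair
    per allowed AD group. Groups outside the allow-list grant nothing, even
    if they happen to start with the AWS- prefix."""
    claims = []
    for group in sorted(set(ad_groups)):
        if group not in ALLOWED_GROUPS:
            continue
        role = ROLE_PREFIX + group[len(GROUP_PREFIX):]
        claims.append(f"arn:aws:iam::{ACCOUNT_ID}:role/{role},{PROVIDER_ARN}")
    return claims


if __name__ == "__main__":
    print(json.dumps(trust_policy(), indent=2))
    # Constructed sample: a user in one AWS group plus unrelated groups.
    for claim in role_claims(["Domain Users", "AWS-Dev", "AWS-Admin"]):
        print(claim)
```

The allow-list matters because a prefix-only mapping would turn any AD group named AWS-something into a role claim, so who can create groups in AD would decide who can reach AWS roles.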
Logging In
Sign into ADFS
Pick Your Role
Enjoy AWS
Useful Resources
Original ADFS + IAM guide http://goo.gl/kM4V4Y
AWS IAM Policy Generator http://goo.gl/vpTdBQ
Beyond AWS Services
WorkSpaces https://aws.amazon.com/workspaces/
AD integration