Introduction: Integrating AWS Single Sign-On (SSO) with Google Workspace
In today’s ever-evolving business landscape, agility and efficiency are paramount. Cloud services, especially Amazon Web Services (AWS), have become central to meeting various business needs.
However, the challenge of managing access to these services while maintaining robust security is ever-growing. AWS Single Sign-On (SSO) emerges as a powerful solution, streamlining access control and centralizing authentication for multiple AWS accounts and applications.
Integration of AWS SSO with Google Workspace:
This blog explores the integration of AWS SSO with Google Workspace (formerly G Suite).
Here, Google Workspace takes on the role of the Identity Provider (IdP), while AWS SSO serves as the Service Provider (SP). This integration establishes a secure, seamless environment for accessing AWS accounts.
Prerequisites for a Successful Integration:
- You need super administrator privileges in Google Workspace (G Suite) and access to the Google Admin console.
- You need an AWS Organization set up with all features enabled.
- You need access to the Organization's management (root) account with administrator privileges.
Step 1: Set up an external identity provider in AWS IAM Identity Center
1.1 Log in to your Organization's management account and open AWS IAM Identity Center.
1.2 Select your identity source.
1.3 Go to Actions and click Change identity source.
1.4 Choose External identity provider and click Next.
1.5 Note down the AWS SSO SAML metadata (the ACS URL and Issuer URL); you will use it to configure a custom SAML application in Google Workspace (G Suite).
Step 2: Google Workspace SAML Application Setup
2.1 Open your Google Admin console in a new browser tab, navigate to the Web and mobile apps section, select Add App, and then select Add custom SAML app.
2.2 In the App details section, under App name, enter AWS SSO (or any other name you want), and then choose CONTINUE.
2.3 Under Option 1: Download IdP metadata, choose DOWNLOAD METADATA, and then choose CONTINUE.
This downloads an XML file named GoogleIDPMetadata.xml, which you will use to configure Google Workspace (G Suite) as the IdP in AWS SSO.
2.4 Using the AWS SSO metadata you noted in step 1.5, fill in the Service provider details, and then choose CONTINUE.
The mapping for the data is as follows:
- For ACS URL, enter the AWS SSO ACS URL.
- For Entity ID, enter the AWS SSO Issuer URL.
- For the Start URL, leave the field blank.
- For Name ID format, choose EMAIL.
- For Name ID, choose Basic Information > Primary email.
2.5 On the Attribute mapping screen, leave the default settings and choose FINISH.
2.6 On the application page, in the User access section, select the down arrow to expand the section.
2.7 Select ON for everyone and choose SAVE.
Note: You're done configuring AWS SSO in Google Workspace (G Suite). Return to the other browser tab with the AWS SSO configuration and complete the SSO setup.
Step 3: Add the identity provider metadata in AWS SSO
3.1 Return to the AWS IAM Identity Center tab, click Choose file in the Identity provider metadata section, select the GoogleIDPMetadata.xml file you downloaded in step 2.3, and click Next.
3.2 Type Accept and click Change identity source to complete the setup.
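As an added example (not code from the original post), the following Python script parses the GoogleIDPMetadata.xml from step 2.3 and flags problems before the file is uploaded in step 3.1. The sample metadata embedded at the bottom is constructed, with a placeholder idpid and a dummy certificate, and the Name ID check assumes the IdP advertises the emailAddress format selected in step 2.4.

```python
# Added example, not code from the original post: sanity checks on the
# GoogleIDPMetadata.xml downloaded in step 2.3, run before uploading it in step 3.1.
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def parse_idp_metadata(xml_text):
    """Pull entityID, redirect-binding SSO URL, Name ID formats and signing-cert SHA-256s."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a SAML 2.0 IdP metadata document")
    info = {"entity_id": root.get("entityID"), "sso_url": None, "cert_sha256": [],
            "nameid_formats": [(f.text or "").strip() for f in idp.findall("md:NameIDFormat", NS)]}
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == REDIRECT:          # binding used by the browser login flow
            info["sso_url"] = sso.get("Location")
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # a KeyDescriptor without 'use' covers signing too
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))   # drop base64 line wrapping
            info["cert_sha256"].append(hashlib.sha256(der).hexdigest())
    return info

def check_idp_metadata(info):
    """Return findings; an empty list means the file is ready to upload."""
    problems = []
    if not info["entity_id"]:
        problems.append("missing entityID (AWS records it as the IdP issuer)")
    if not (info["sso_url"] or "").startswith("https://"):
        problems.append("no HTTPS SingleSignOnService with HTTP-Redirect binding")
    if not info["cert_sha256"]:
        problems.append("no signing certificate, so AWS could not verify assertions")
    if EMAIL_FORMAT not in info["nameid_formats"]:
        problems.append("emailAddress Name ID format not advertised (step 2.4 selected EMAIL)")
    return problems

# Constructed sample laid out like Google's file; idpid and the certificate are dummies.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLE">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>YWJj</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Running `check_idp_metadata(parse_idp_metadata(open("GoogleIDPMetadata.xml").read()))` on the real download should return an empty list; the certificate fingerprint it records is also useful for tracking IdP certificate rotations later.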
Step 4: Add a user to AWS IAM Identity Center
4.1 Select Users from the sidebar of the AWS IAM Identity Center overview page, choose Add user, fill in the user's details, and click Next.
4.2 Add the user to a group if you want (skipped here) and click Next.
4.3 Scroll down to the bottom and click Add user.
4.4 Go to the Dashboard and click Manage access to multiple AWS accounts.
4.5 Select the AWS account to which you want to give the user access and click Assign users or groups.
4.6 From the Users tab, select the user and click Next.
4.7 Assign the permission sets accordingly and click Next.
4.8 Scroll down and click Submit.
4.9 Copy the AWS access portal URL and open it in a web browser.
4.10 Sign in with your email.
4.11 You will see the AWS account you can access. Click it and you will be redirected to the AWS console.
*Conclusion:*
In conclusion, the integration of AWS SSO with Google Workspace offers immense value to organizations aiming to enhance cloud security and streamline access management.
For more insights into how your organization can benefit from similar transformations, please don't hesitate to get in touch with us. We're here to help you navigate the ever-evolving tech landscape. This project was successfully completed by "Rohan and Rishi Khurana."