Amazon Web Services SSO
https://aws.amazon.com
idemeum integrates with AWS SSO to let your employees access the AWS dashboard and integrated applications with a single click. Your employees get the same centralized passwordless experience with idemeum.

Federating with AWS Single Sign-On (SSO) brings the idemeum sign-in experience to AWS and gives you a single, central way to manage access to the AWS console, the AWS command line interface, and AWS integrated applications across all your AWS Organizations accounts.

AWS SSO and idemeum integration

This configuration guide covers the following sections.

  1. Prerequisites
  2. Single Sign-On (SAML)
  3. Automated provisioning with SCIM

1. Prerequisites

For this configuration you need your idemeum tenant's SAML metadata file.

Download it and keep it handy. Instructions for obtaining your idemeum SAML metadata are below.

How to obtain SAML metadata for idemeum
SAML metadata is the data that describes the information needed to communicate with a SAML endpoint. For example, if Identity Provider (IdP) X wanted to allow Service Provider (SP) Y to request SAML responses, IdP X would share its metadata with SP Y and vice versa. Each idemeum tenant has associate…

Single Sign-On (SAML)

1. Configure AWS for SSO

  • Navigate to your AWS Management Console
  • Search for and open the AWS Single Sign-On (AWS SSO) service
  • Enable AWS SSO service if you have not done it already
  • Click Settings
  • Under Identity Source choose Change
  • Select External Identity Provider
  • Scroll down and click Download metadata file. You will need this file later when configuring AWS in idemeum.
  • Upload the idemeum metadata file that you obtained in the prerequisites section. Upload it in the IdP SAML metadata form.
  • Click Next: Review
  • Type ACCEPT and click Change identity source

2. Configure idemeum for SSO

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Search for Amazon Web Services application and click Add App
  • Click SAML at the top navigation menu
  • Choose SP Metadata XML and paste in the contents of the AWS metadata file that you downloaded in the previous section. Once you click Save, all SAML metadata configuration will be populated.
  • At this step you can click Cancel and the application SAML configuration will be saved.
  • At this point you have configured SAML integration between AWS and idemeum.
    • If you decide to provision users manually, make sure you create each user in AWS with the employee's corporate email address.
    • If you want to use automated provisioning with SCIM, please proceed to the next section.
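
The SSO steps above move two metadata files in opposite directions (the AWS file into idemeum's SP Metadata XML field, the idemeum file into the AWS IdP SAML metadata form), so a quick pre-check that each file is the one you think it is can save a broken sign-in. The following is an added example, not idemeum or AWS code: `review_metadata` is a hypothetical helper, and the sample documents are constructed with placeholder hosts and entity IDs.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
# Constructed samples: hosts and entity IDs are placeholders, not real tenant values.
SAMPLE_SP = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.test/meta">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_IDP = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.test/meta">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Location="http://idp.example.test/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def review_metadata(xml_text, expected_role):
    """Check a SAML metadata file before loading it; expected_role is 'sp' or 'idp'."""
    # The stdlib parser is not hardened against entity tricks, so refuse DTDs outright.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    idp = root.find("md:IDPSSODescriptor", NS)
    role = "sp" if sp is not None else "idp" if idp is not None else None
    findings = []
    if role != expected_role:  # catches the two files being swapped
        findings.append(f"expected {expected_role} metadata, found {role}")
    if not root.get("entityID"):
        findings.append("missing entityID")
    desc = sp if sp is not None else idp
    endpoints = []
    if desc is not None:
        tag = "AssertionConsumerService" if role == "sp" else "SingleSignOnService"
        endpoints = [e.get("Location", "") for e in desc.findall(f"md:{tag}", NS)]
        if not endpoints:
            findings.append(f"no {tag} endpoint")
        findings += [f"endpoint is not HTTPS: {u}" for u in endpoints
                     if not u.startswith("https://")]
        signing = [k for k in desc.findall("md:KeyDescriptor", NS)
                   if k.get("use") in (None, "signing")]
        if role == "idp" and not signing:  # the SP needs this key to verify assertions
            findings.append("IdP metadata carries no signing certificate")
    return {"role": role, "entity_id": root.get("entityID"),
            "endpoints": endpoints, "findings": findings}
```

Run it with `expected_role="sp"` on the file downloaded from AWS and `expected_role="idp"` on the idemeum tenant file; an empty `findings` list means the basic checks passed.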

Automated provisioning with SCIM

1. Enable SCIM provisioning in AWS

Make sure you have configured SAML SSO before proceeding with SCIM configuration.
  • Navigate to your AWS Management Console
  • Search for and open the AWS Single Sign-On (AWS SSO) service
  • Click Settings
  • Click Enable automatic provisioning in the provisioning section
  • Take note of the SCIM endpoint and Access token. You will need these values when configuring automated provisioning in idemeum.

2. Enable SCIM provisioning in idemeum

  • Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
  • Click Applications in the left menu
  • Choose My applications
  • Click Edit for the Amazon Web Services application
  • Click the Provisioning section to configure SCIM provisioning with AWS. Populate SCIM Base URL and Access Token with the values you obtained in the previous section when enabling provisioning in AWS.
  • Click Save to save the provisioning configuration and complete setup.