AWS SSO – Learning Notes

  • AWS SSO provides a user portal so users can find and sign in to all of their assigned AWS accounts and business applications in one place.
  • The AWS SSO application configuration wizard helps you extend SSO access to any application that supports SAML 2.0.
  • AWS SSO also offers built-in SAML integrations with many business applications, including Salesforce, Box, and Office 365.
  • AWS SSO can connect to an on-premises Active Directory (AD) or an AWS Managed Microsoft AD directory using AWS Directory Service.
  • To connect to on-prem AD, AWS Directory Service has the following two options:
    • Create a two-way trust relationship between AWS Managed Microsoft AD and an on-premises Active Directory.
    • Create an AD Connector.
  • AWS SSO does not support SAMBA4-based Simple AD as a connected directory.

AWS SSO Supported Applications:

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
