Microsoft Tech Community

AzureAD integration with AWS

Copper Contributor

I am an Office 365 customer and my org is using AWS. What is the recommended approach to integrate AWS with Azure AD? Should I register AWS SSO as an application in Azure AD? I have 20+ accounts in AWS. Please suggest.

1 Reply
best response confirmed by ksmsa (Copper Contributor)


In this scenario, Azure AD would act as the Identity Provider (IdP) for authentication, while AWS roles would be used for authorization. This integration provides several benefits, including centralized management of accounts and access control, as well as the ability to enable single sign-on (SSO) for your users.

The recommended approach for this integration is to use Azure AD SSO integration with AWS, which allows you to configure multiple instances of your AWS account to multiple instances of AWS apps in Azure AD. This approach is scalable and uses AWS role-import functionality with Azure AD user provisioning, which means that you can automatically add, update, or delete roles as needed.

On the other hand, connecting one AWS app to all your AWS accounts is not recommended, especially if you have a large number of AWS accounts and roles. This approach is not scalable and requires manual management of roles, which can be time-consuming and error-prone.

Please use this article for your use case if you really have more AWS accounts and are planning to add more in the future: Tutorial: Azure AD SSO integration with AWS Single-Account Access - Microsoft Entra | Microsoft Lear...

For a really small or PoC environment you can register AWS as a single app (not recommended; Microsoft has labeled this article as legacy): Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts -...

Please "Accept as Answer" if it helped so it can help others in the community looking for help on similar topics.
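As an added example (not from the post above, nor from Microsoft's or AWS's own documentation), here is a Python check for the authentication/authorization split the answer describes: with Azure AD acting as the IdP, every AWS role that Azure AD users land in should be assumable only through that account's Azure AD SAML provider, which matters when the same pattern is repeated across 20+ accounts. The provider name "AzureAD", the account ids and the trust policies are constructed placeholders.

```python
# Constructed example (not from the post). Trust-policy audit for IAM roles that
# Azure AD users assume via SAML: authentication happens at Azure AD, so every
# role must only be assumable through the account's Azure AD SAML provider.
EXPECTED_PROVIDER_SUFFIX = ":saml-provider/AzureAD"      # assumed provider name
EXPECTED_AUDIENCE = "https://signin.aws.amazon.com/saml"  # AWS SAML audience

def audit_saml_role(role_name, trust_policy):
    """Return findings for one role's trust policy; [] means it is only
    assumable via the expected SAML provider with the SAML:aud condition set."""
    findings = []
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithSAML" not in actions:
            findings.append(f"{role_name}: non-SAML assume path {actions}")
            continue
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if not str(federated).endswith(EXPECTED_PROVIDER_SUFFIX):
            findings.append(f"{role_name}: unexpected federated principal {federated!r}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("SAML:aud") != EXPECTED_AUDIENCE:
            findings.append(f"{role_name}: missing SAML:aud condition")
    return findings

def audit_accounts(accounts):
    """accounts: {account_id: {role_name: trust_policy}} -> {account_id: [findings]}.
    In practice the policies come from iam:GetRole in each account (constructed here)."""
    return {acct: [f for name, pol in roles.items() for f in audit_saml_role(name, pol)]
            for acct, roles in accounts.items()}

# Constructed sample: placeholder account ids, one compliant role and one with gaps.
SAML_OK = {"Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
           "Principal": {"Federated": "arn:aws:iam::111111111111:saml-provider/AzureAD"},
           "Condition": {"StringEquals": {"SAML:aud": EXPECTED_AUDIENCE}}}
SAML_NO_AUD = {"Effect": "Allow", "Action": "sts:AssumeRoleWithSAML",
               "Principal": {"Federated": "arn:aws:iam::222222222222:saml-provider/AzureAD"}}
OPEN_ASSUME = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}
SAMPLE_ACCOUNTS = {
    "111111111111": {"AzureAD-ReadOnly": {"Version": "2012-10-17", "Statement": [SAML_OK]}},
    "222222222222": {"AzureAD-Admin": {"Version": "2012-10-17",
                                       "Statement": [SAML_NO_AUD, OPEN_ASSUME]}},
}

if __name__ == "__main__":
    for acct, findings in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(acct, "OK" if not findings else findings)
```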