Forum Discussion
AzureAD integration with AWS
I am an office365 customer and my org is using AWS. What is the recommended approach to integrate AWS with Azure AD? Should I register AWS SSO as an application in Azure AD? I am having 20+ accounts in AWS. Please suggest.
In this scenario, Azure AD would act as the Identity Provider (IdP) for authentication, while AWS roles would be used for authorization. This integration provides several benefits, including centralized management of accounts and access control, as well as the ability to enable single sign-on (SSO) for your users.
The recommended approach for this integration is to use Azure AD SSO integration with AWS, which allows you to configure multiple instances of your AWS account to multiple instances of AWS apps in Azure AD. This approach is scalable and uses AWS role-import functionality with Azure AD user provisioning, which means that you can automatically add, update, or delete roles as needed.
On the other hand, connecting one AWS app to all your AWS accounts is not recommended, especially if you have a large number of AWS accounts and roles. This approach is not scalable and requires manual management of roles, which can be time-consuming and error-prone
Please use this article for your usecase Tutorial: Azure AD SSO integration with AWS Single-Account Access - Microsoft Entra | Microsoft Learn if you really have a more AWS accounts and planning to add more in future
for really a small or PoC environment Microsoft you can register as single App (non recommended Microsoft labled this article as legacy Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts - Microsoft Entra | Microsoft Learn
Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.
In this scenario, Azure AD would act as the Identity Provider (IdP) for authentication, while AWS roles would be used for authorization. This integration provides several benefits, including centralized management of accounts and access control, as well as the ability to enable single sign-on (SSO) for your users.
The recommended approach for this integration is to use Azure AD SSO integration with AWS, which allows you to configure multiple instances of your AWS account to multiple instances of AWS apps in Azure AD. This approach is scalable and uses AWS role-import functionality with Azure AD user provisioning, which means that you can automatically add, update, or delete roles as needed.
On the other hand, connecting one AWS app to all your AWS accounts is not recommended, especially if you have a large number of AWS accounts and roles. This approach is not scalable and requires manual management of roles, which can be time-consuming and error-prone
Please use this article for your usecase Tutorial: Azure AD SSO integration with AWS Single-Account Access - Microsoft Entra | Microsoft Learn if you really have a more AWS accounts and planning to add more in future
for really a small or PoC environment Microsoft you can register as single App (non recommended Microsoft labled this article as legacy Tutorial: Azure Active Directory integration with Amazon Web Services to connect multiple accounts - Microsoft Entra | Microsoft Learn
Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.
