Integrating Amazon Q Developer with JumpCloud 

We know modern SaaS companies are constantly looking for ways to get more done. 

To get more done faster.

More securely. 

The pressure is on developers to make all this happen, and you are critical to their success. Which means the pressure is on you to give them access to the tools they need, right now, and not slow them down. 

But as IT leaders you need to ensure this is done effectively and securely. Automation here is key. This is where the power of integrating Amazon Q Developer (an AI coding assistant) with JumpCloud comes in.

Removing Friction Where It Hurts The Most

This isn’t just about using another new AI tool; it’s about optimizing tangible outcomes for your organization to create faster products with robust access and security built-in. 

The integration between Amazon Q Developer and JumpCloud tackles the biggest issue standing between high-velocity development teams and process-conscious IT organizations: access. Developers are generally your tech-savviest end users, which is helpful when troubleshooting issues but dangerous when you need to put processes in between the tools they want to use to get their job done. They need a lot, and you need it to be secure and above board. 

With JumpCloud and Amazon Q Developer integrated, you’ll be able to deliver:

• Effortless Developer Access & Reduced Friction: Imagine your developers logging into Amazon Q Developer with the same credentials they already use for everything else – their JumpCloud login. No more juggling multiple passwords, fewer forgotten credentials, and significantly less time wasted on authentication. This means your developers stay focused on what they do best: writing great code.
• Unified Security & Simplified Management: By centralizing identity management in JumpCloud, you gain a single pane of glass for all your user identities. This means consistent security policies, easier auditing, and a more robust security posture across your development environment. You’ll reduce complexity and strengthen your overall security without adding administrative burden.
• Accelerated Productivity & Innovation: When developers aren’t battling login issues or managing disparate accounts, their productivity soars. Amazon Q Developer empowers them with AI-driven assistance for code generation, transformation, and security scanning, directly speeding up development cycles. Combined with frictionless access, your teams can innovate faster and deliver new features to market quicker.
• Uninterrupted Workflow with Extended Sessions: For those critical coding sprints, Amazon Q Developer offers sessions up to 90 days. This significantly reduces interruptions from re-authentication, allowing your developers to maintain their flow and concentrate on complex tasks without constant login prompts.

How to Connect JumpCloud and Amazon Q Developer

We’ll walk you through a clear, step-by-step process to achieve these outcomes:

1. Seamless Integration: Start by integrating JumpCloud with your AWS IAM Identity Center. This establishes the foundational connection for secure, single sign-on access.
2. Automated User Syncing: We enable automatic user provisioning between JumpCloud and AWS IAM Identity Center. This means user accounts and group memberships are synchronized effortlessly, eliminating manual user management and ensuring that as your team grows or changes, access to Amazon Q Developer is always up-to-date.
3. Extended Session Configuration: We configure your IAM Identity Center to support Amazon Q Developer’s extended 90-day sessions, ensuring your developers benefit from uninterrupted productivity.
4. Granting Access with Precision: We then assign the relevant JumpCloud groups to Amazon Q Developer, ensuring only authorized developers gain access.
5. IDE Integration for Immediate Impact: Finally, we guide you through setting up the AWS Toolkit in your developers’ Integrated Development Environments (IDEs) like Visual Studio, connecting them to Amazon Q Developer using their existing JumpCloud credentials.

Prerequisites

• An IAM Identity Center-enabled AWS account. For more information, go to Enable IAM Identity Center.
• A JumpCloud account with users and groups already enabled.
• Amazon Q Developer Pro tier enabled.

Step 1: Enable IAM Identity Center integration in JumpCloud

1. Referring to the details in the confirmation email you can create an Administrator account.
2. Using your credentials for an Administrator account via the JumpCloud Admin console, go to SSO Applications > Get Started.

Figure 1: JumpCloud Admin console to set up SSO Applications

3. Browse the Application Catalog and choose AWS IAM Identity Center.
4. Provide a Display Name for the App Integration using the Application label. For example: “IAM Identity Center-JumpCloud”.
5. Choose Save Application and proceed to Configure Application.
6. Under SSO, choose Export Metadata to download the JumpCloud-aws-sso-metadata.xml.

Figure 2: JumpCloud console to set up IAM Identity Center

Step 2: Configure JumpCloud as an external IdP in IAM Identity Center

1. In the IAM Identity Center console, go to the Dashboard. If IAM Identity Center is not enabled, enable it by following the steps listed in Enabling AWS IAM Identity Center.
2. Select Confirm identity source from the Dashboard and chooseChange identity source under the Actions drop-down menu.
3. On the next page, choose External identity provider, and click Next.
4. Configure the external IdP:
   1. IdP SAML metadata: Select Choose file to upload the JumpCloud-aws-sso-metadata.xml file saved in Step 1.5.
   2. Under Service provider metadata, choose Download metadata file. You’ll need to upload it in the JumpCloud console later on.
   3. Copy and save the AWS access portal sign-in URL, as it’s required for SSO and IDE configuration.
   4. Click Next.

Figure 3: IAM Identity Center Configure external IdP screen

5. Review the changes, type ACCEPT, and choose Change identity source to proceed.

Step 3: Configure JumpCloud with IAM Identity Center Single Sign-On details

1. In the JumpCloud Admin console, go to the SSO tab (or open the AWS IAM Identity Center application if it’s not already open):
   • Under Service Provider Metadata, choose Upload Metadata and upload the file downloaded in Step 2.4b.
   • Paste the AWS access portal sign-in URL (from Step 2.4c) into the URL field.
2. Choose Save.

Figure 4: JumpCloud console to set up IAM Identity Center

Step 4: Enable provisioning in IAM Identity Center

1. In the IAM Identity Center console, go to the Settings
2. In the Automatic provisioninginformation box, choose Enable.
3. In the Inbound automatic provisioningdialog box, copy the values for SCIM endpoint and Access token, as you’ll need them to configure provisioning in JumpCloud. Then, close the dialog.

Step 5: Configure extended session for Amazon Q Developer in IAM Identity Center

• In the IAM Identity Center console, click the Settings page, and select Authentication tab
• Under Session Settings, choose Configure, and check the box to Enable extended sessions for Amazon Q Developer. This allows the developers to use the IDE to re-authenticate to Amazon Q Developer every 90 days.

Figure 5: IAM Identity Center screen to set up extended sessions for Amazon Q Developer

For developers who find frequent re-authentication unnecessary, the 90-day extended session benefits them. However, organizations with specific security requirements can maintain the standard session duration with IAM Identity Center.

Step 6: Configure provisioning in JumpCloud

1. In JumpCloud admin console, open the AWS IAM Identity Center
2. On the AWS IAM Identity Center app page, go to the Identity Management tab, and click Configure:

1. For Authentication Base URL: enter the copied SCIM endpoint (from Step 4.3).
2. For Authentication Token: enter the copied Access Token endpoint (from Step 4.3).
3. Choose Activate and Save the changes to establish the SCIM provisioning process, which will synchronize users and groups from JumpCloud to IAM Identity Center.

Step 7: Assign access for groups in JumpCloud

1. In the JumpCloud admin console, go to the AWS IAM Identity Center app page, and select the User Groups
2. Choose the JumpCloud groups you want to assign access to the IAM Identity Center app, and choose Save. This starts provisioning the users in those groups into the IAM Identity Center.

Figure 6: JumpCloud console to sync users and groups through SCIM to IAM Identity Center

Step 8: Provide access to Amazon Q Developer

1. In the Amazon Q console, subscribe to Amazon Q Developer Pro from Getting Started page.

Figure 7: Subscribe to Amazon Q Developer Pro

2. Search and assign your preferred groups and users from your Identity Center.

Figure 8: Amazon Q Developer console to assign users and groups through IAM Identity Center

Step 9: Set up AWS Toolkit for Visual Studio with IAM Identity Center

To use Amazon Q Developer, set up the AWS Toolkit for Visual Studio to authenticate with the IAM Identity Center.

1. In IDE, open the AWS extension panel, search for Amazon Q, and choose Install
2. In the resulting pane for Amazon Q, choose Use with Pro License, and choose Continue.

Figure 9: Authenticate with IAM Identity center through IDE

3. Enter the AWS access portal sign-in URL that was previously copied (Step 2.4c) into the Start URL Select us-east-1 as the AWS Region, then Sign in.
4. Choose Copy Code and Proceedto copy the code from the resulting pop-up, and open the external website when prompted.
5. Paste the code copied and choose Next.
6. Enter your JumpCloud credentials, and Sign in.
7. Choose Allowto grant AWS IDE Extensions to access Amazon Q Developer.
8. When the connection is complete, close the browser and return to the IDE. You can use Amazon Q from within IDE, authenticated with your JumpCloud credentials.

After you’ve configured your authentication with Amazon Q Developer, your users can use Amazon Q developer for code generation, code transformation, infrastructure automation, and security vulnerability assessment.

Cleanup

• Unsubscribe the user from Amazon Q Developer Pro plan to avoid monthly charges.
• Remove any temporary or unused configurations, such as test user accounts or groups, from JumpCloud
• If you have enrolled into a JumpCloud subscription plan through AWS Marketplace, please refer to the terms and conditions of the agreement.

Conclusion

By integrating Amazon Q Developer with JumpCloud, you’re not just deploying technology; you’re investing in a more efficient, secure, and productive future for your development teams and, ultimately, for your entire organization.

If you haven’t invested in JumpCloud yet, you can work through this tutorial during a no-obligation 30-day free trial. This trial gives you access to 100% functionality of the entire platform so you can see for yourself what’s possible . You can sign up for free today, or get time with a JumpCloud expert to talk through your use cases and get a personalized demo f the platform.