Can I Integrate AWS® with Active Directory®?

Written by Natalie Bluhm on August 27, 2017

Share This Article

AWS® is replacing on-prem data centers. In fact, over 1 million businesses are leveraging AWS for their infrastructure. With so many organizations shifting to the cloud, a core question is can I integrate AWS with Active Directory®?

First, let’s take a look at how users gained access to server infrastructure in the past. Then we’ll explain how it is possible to extend AD credentials to AWS using a cloud-based identity bridge.

Accessing Servers with Active Directory

illustration of servers

When server infrastructure was hosted on-prem within an internal data center or collocated at a data center which was connected back to the main network via a VPN, the process of connecting users to the server resources they needed was relatively straightforward. A user would login to their Windows device and the domain controller would grant the user access to the network. Once on the network, the user could access whatever Windows-based resources they had the right to access, including servers.

Active Directory was central to this process and enabled a first generation of True Single Sign-On™. This first generation of SSO allowed users to gain access to servers, applications, files, and data – all from logging into their Windows system.

Then the IT world changed, and Active Directory didn’t change with it. Users started using Linux and Mac systems, applications became web-based, and AWS introduced Infrastructure-as-a-Service (IaaS).

AWS Revolutionizes Server Infrastructure

AWS Security Auth

Today, AWS is the data center for many organizations. This has corresponded to amazing gains in scalability, efficiency, and cost-effectiveness for organizations who have made the move to Amazon’s IaaS (Infrastructure-as-a-Service).

But managing access in an AWS environment has proven to be a work-in-progress. IT and DevOps organizations aren’t looking to create more infrastructure with VPNs and additional networking. These organizations are looking to shift to the cloud and leverage the infrastructure from providers such as AWS or GCP seamlessly – without the need for siloed management solutions or painstaking manual management. In a sense they want the AWS and GCP infrastructure work and feel as an extension to their on-prem IT infrastructure.

For organizations already using Active Directory as their central source of truth, the options are either to move fully to cloud-based IAM (i.e. either setup a silo’d directory in the cloud or shift to Directory-as-a-Service®) or to extend their existing AD identities to their AWS infrastructure. IT and DevOps organizations would like to do this without adding infrastructure or managing more resources.

Integrate AWS and AD with JumpCloud’s AD Integration

A new generation of technology has emerged to enable IT admins and DevOps engineers to integrate AWS with Active Directory. Called AD Integration, the solution is a cloud identity bridge. You simply connect AD to our hosted directory service in the cloud. Identities from AD are securely passed to the cloud directory and then subsequently leveraged to access AWS cloud servers (Windows or Linux). The same identities can be leveraged via SAML integration for single sign-on into the AWS IAM console.

Leveraging AD Integration, an organization can make the leap to AWS while leveraging their existing Identity and Access Management infrastructure and processes. But, integrating AWS with AD is just the tip of the iceberg. AD Integration will also enable you to extend your AD identities to Mac and Linux systems, remote servers, WiFi, and web-based apps. Your organization can achieve true centralized identity management and connect your users to all of the modern IT resources they need.

If you’re interested in learning more about bridging AD to AWS or any other modern IT resources, consider dropping us a note. We also encourage you to sign up for a free account and start testing our virtual identity bridge. You first ten users are free forever.

Natalie Bluhm

Natalie is a writer for JumpCloud, an Identity and Access Management solution designed for the cloud era. Natalie graduated with a degree in professional and technical writing, and she loves learning about cloud infrastructure, identity security, and IT protocols.

Continue Learning with our Newsletter