Simplify Onboarding and Secure Group Management in AWS SSO




Updated on March 11, 2021

Group Management Integration with AWS SSO supports the complete management of your AWS accounts and groups from JumpCloud’s Directory Platform. This key IDaaS functionality allows IT admins and DevOps to centrally manage their AWS SSO groups from JumpCloud without having to set up or maintain anything in their AWS SSO portal. 

This new addition to user lifecycle management creates a simpler onboarding experience: with JumpCloud as the identity provider (IdP) for AWS SSO, any identity created within JumpCloud is also created in AWS SSO and inherits the access and permissions that were granted to the AWS group. It also enhances the security of AWS SSO access: if a user leaves the company or no longer requires access to the AWS SSO group, all the admin has to do is remove them from the group in JumpCloud. Group Management Integration with AWS SSO saves meaningful time managing AWS users and groups.

What is AWS SSO?

AWS Single Sign-On is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage access to all AWS accounts and cloud applications. AWS SSO is used to quickly and easily assign and manage employee access to multiple AWS accounts and applications, all from a central location. Organizations can also connect their AWS SSO account with their external identity provider (IdP) and centrally manage from that platform.

Why Should I Use AWS SSO over AWS IAM?

Compared with AWS Identity and Access Management (IAM), AWS SSO is the preferred choice for managing your users and groups across multiple AWS accounts. This is because:

  • AWS SSO simplifies the user experience and improves security by eliminating individual passwords needed for each AWS account or cloud business application
  • AWS SSO provides access for specific users and permissions that are managed at the group level
  • AWS SSO can enforce least privilege access 

With one touch, users are placed into a group and have access to the accounts and applications assigned to it. Likewise, if a user is removed from this group, their access is immediately revoked.

How Does JumpCloud’s Group Management Integration with AWS SSO Simplify Onboarding?

We will use the admin Bob Fay to showcase this experience.

Bob is a current JumpCloud customer. Within AWS, Bob is using JumpCloud as his identity provider for AWS SSO and connected his Product user group in AWS to his Product user group in JumpCloud.

Prior to this release, Bob could not centrally manage his AWS Product user group from JumpCloud. To manage the group, Bob had to do it in AWS. When Bob’s new employee Mary Adams started, she needed to be placed into the AWS SSO Product User group, and Bob had to either add her to the group manually or use SAML attributes to do so.

With the launch of the Group Management feature, this integration with JumpCloud helps Bob…

Centrally Manage His Groups from JumpCloud

Once permissions to applications and accounts are granted for the Product User group in AWS SSO, Bob can manage access to the group from the JumpCloud Admin Portal.

Simplify and Automate Onboarding 

When Mary Adams joins the company, all Bob has to do is create her credentials in JumpCloud and then add her to the Product User group. This will provision her identity in AWS SSO and add her into the Product User group with the same access and permission levels as her peers.

Enhance Security

If Mary decides to join the engineering team in a year, all Bob has to do is remove her from the Product User group in JumpCloud and this will revoke her access to the accounts and applications available to the Product User group.

Extend Beyond the AWS SSO Connector

Onboarding goes well beyond AWS SSO. In this same example, Bob has to grant Mary access to all her business critical applications, device(s), and networks. Getting Mary activated could take Bob hours (or more!) if he had to individually set up each item on his onboarding checklist.

At JumpCloud, the onboarding process is designed to be as low-touch for Bob as possible. In the case of Mary, once her employee information has been entered (which itself could come directly from an integrated HRIS platform), she just needs to be added to any relevant group her role is associated with in order to gain access to all the applications, internal systems and networks that she needs. If Mary switches roles or takes on new or different responsibilities within her current role, Bob just has to remove her from the necessary groups and she will be removed from the applications and networks she no longer requires access to.

One last major benefit of JumpCloud is its native device management. With JumpCloud, Bob can securely manage his users’ Windows, Mac, and Linux devices from the JumpCloud Admin Portal. He can manage them by user or by creating device groups. JumpCloud’s device management will allow Bob to enforce policies across devices, run commands, and/or lock, restart, shut down, and/or erase the device to ensure optimal security. 

What is the Group Management Integration with AWS Built On?

This integration is built upon a SCIM connector for AWS developed by JumpCloud. SCIM (System for Cross-domain Identity Management) is an API-driven protocol for managing user identities in web applications.

There are various benefits of SCIM provisioning, including: 

  • Standardization of provisioning
  • Centralization of identity
  • Automation of onboarding and offboarding
  • More comprehensive SSO management

With SCIM, Bob no longer needs to manually create and delete user accounts with AWS SSO. SCIM connectors, such as the one for AWS SSO, will save Bob valuable time and reduce the chance for errors in the authorization levels granted to users and groups. JumpCloud SCIM connectors are available for a number of highly popular web applications, making it easier than ever for admins to centrally provision and deprovision users to virtually everything that their users need.
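
The group-membership sync described above, sketched as an added example (not JumpCloud's connector code; the page does not show the connector's actual requests). It builds the standard SCIM 2.0 PatchOp body (RFC 7644) that brings a SCIM group in line with the directory group; the ids, the group record and the function names are hypothetical.

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def member_ids(scim_group):
    """Return the set of member ids in a SCIM Group resource ('members' attribute)."""
    return {m["value"] for m in scim_group.get("members", [])}

def _check_id(user_id):
    # The id is embedded in a SCIM filter string, so refuse characters
    # that could change the meaning of that filter.
    if not user_id or '"' in user_id or "\\" in user_id:
        raise ValueError(f"unsafe SCIM id: {user_id!r}")
    return user_id

def reconcile(desired_ids, scim_group):
    """Build the PatchOp that makes the SCIM group match the directory group.

    Removals (revocations) are emitted first. Returns None when already in sync.
    """
    actual = member_ids(scim_group)
    desired = set(desired_ids)
    ops = []
    for uid in sorted(actual - desired):
        ops.append({"op": "remove",
                    "path": f'members[value eq "{_check_id(uid)}"]'})
    to_add = sorted(desired - actual)
    if to_add:
        ops.append({"op": "add", "path": "members",
                    "value": [{"value": _check_id(u)} for u in to_add]})
    if not ops:
        return None
    return {"schemas": [PATCH_SCHEMA], "Operations": ops}

# Constructed sample: the group as the service provider currently holds it.
SAMPLE_GROUP = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "id": "group-product-users",          # hypothetical id
    "displayName": "Product User",
    "members": [{"value": "user-mary"}, {"value": "user-peer"}],
}

if __name__ == "__main__":
    # Mary has left the directory group; a new hire has joined it.
    patch = reconcile({"user-peer", "user-new"}, SAMPLE_GROUP)
    print("PATCH /Groups/" + SAMPLE_GROUP["id"])
    print(json.dumps(patch, indent=2))
```

Running the same comparison on a schedule, and alerting when it returns anything other than None, is a simple check that removals made in the directory actually reached the downstream group.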

Evaluate JumpCloud Free Today

If you’re new to JumpCloud and interested in learning more about the platform and how to achieve stronger security practices, evaluate JumpCloud today! JumpCloud Free grants new admins 10 systems and 10 users free to help evaluate or use the entirety of the product. Once you’ve created your organization, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.
