Simplify Onboarding and Secure Group Management in AWS IAM Identity Center

Written by Chip Bell on February 23, 2021


Updated on October 18, 2022

Group Management Integration with AWS IAM Identity Center supports the complete management of your AWS accounts and groups from JumpCloud’s Directory Platform. This key IDaaS functionality allows IT admins and DevOps to centrally manage their AWS IAM Identity Center groups from JumpCloud without having to set up or maintain anything in their AWS IAM Identity Center portal.

This new addition to user lifecycle management creates a simpler onboarding experience; with JumpCloud as the identity provider (IdP) for AWS IAM Identity Center, any identity created within JumpCloud is also created in AWS IAM Identity Center and inherits access and permissions that were granted to the AWS group. In addition, this new functionality enhances the security of AWS IAM Identity Center access, such that if a user leaves the company or no longer requires access to the AWS IAM Identity Center group, then all the admin has to do is to remove them from the group in JumpCloud. Group Management Integration with AWS IAM Identity Center saves meaningful time managing AWS users and groups.



What is AWS IAM Identity Center?

AWS IAM Identity Center (formerly AWS Single Sign-On) is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage access to all AWS accounts and cloud applications. AWS IAM Identity Center is used to quickly and easily assign and manage employee access to multiple AWS accounts and applications, all from a central location. Organizations can also connect their AWS IAM Identity Center account with their external identity provider (IdP) and centrally manage access from that platform.

Why Should I Use AWS IAM Identity Center over AWS IAM?

Compared with AWS Identity and Access Management (IAM) alone, AWS IAM Identity Center is the preferred way to manage your users and groups across multiple AWS accounts. This is because:

  • AWS IAM Identity Center simplifies the user experience and improves security by eliminating individual passwords needed for each AWS account or cloud business application
  • AWS IAM Identity Center provides access for specific users and permissions that are managed at the group level
  • AWS IAM Identity Center can enforce least privilege access

With one touch, users are placed into a group and have access to the accounts and applications assigned to it. At the same time, if a user is revoked from this group, their access is immediately revoked.

How Does JumpCloud’s Group Management Integration with AWS IAM Identity Center Simplify Onboarding?

We will use the admin Bob Fay to showcase this experience.

Bob is a current JumpCloud customer. Within AWS, Bob is using JumpCloud as his identity provider for AWS IAM Identity Center and has connected his Product user group in AWS to his Product user group in JumpCloud.

Prior to this release, Bob could not centrally manage his AWS Product user group from JumpCloud; to manage the group, he had to do it in AWS. When Bob’s new employee Mary Adams starts, she will need to be placed into the AWS IAM Identity Center Product User group, so Bob will either have to add her to the group manually or use SAML attributes to do so.

With the launch of the Group Management feature, this integration with JumpCloud helps Bob…

Centrally Manage His Groups from JumpCloud

Once permissions to applications and accounts are granted for the Product User group in AWS IAM Identity Center, Bob can manage access to the group from the JumpCloud Admin Portal.

Simplify and Automate Onboarding 

When Mary Adams joins the company, all Bob has to do is create her credentials in JumpCloud and then add her to the Product User group. This will provision her identity in AWS IAM Identity Center and add her into the Product User group with the same access and permission levels as her peers.

Enhance Security

If Mary decides to join the engineering team in a year, all Bob has to do is remove her from the Product User group in JumpCloud and this will revoke her access to the accounts and applications available to the Product User group.

Extend Beyond the AWS IAM Identity Center Connector

Onboarding goes well beyond AWS IAM Identity Center. In this same example, Bob has to grant Mary access to all her business-critical applications, device(s), and networks. Getting Mary activated could take Bob hours (or more!) if he had to individually set up each item on his onboarding checklist.

At JumpCloud, the onboarding process is designed to be as low-touch for Bob as possible. In the case of Mary, once her employee information has been entered (which itself could come directly from an integrated HRIS platform), she just needs to be added to any relevant group her role is associated with in order to gain access to all the applications, internal systems and networks that she needs. If Mary switches roles or takes on new or different responsibilities within her current role, Bob just has to remove her from the necessary groups and she will be removed from the applications and networks she no longer requires access to.

One last major benefit of JumpCloud is its native device management. With JumpCloud, Bob can securely manage his users’ Windows, Mac, and Linux devices from the JumpCloud Admin Portal. He can manage them by user or by creating device groups. JumpCloud’s device management will allow Bob to enforce policies across devices, run commands, and lock, restart, shut down, or erase a device to ensure optimal security.

What is the Group Management Integration with AWS Built On?

This integration is built upon a SCIM connector for AWS developed by JumpCloud. SCIM (System for Cross-domain Identity Management) is an API-driven protocol for managing user identities in web applications.

There are various benefits of SCIM provisioning, including: 

  • Standardization of provisioning
  • Centralization of identity
  • Automation of onboarding and offboarding
  • More comprehensive SSO management

With SCIM, Bob no longer needs to manually create and delete user accounts in AWS IAM Identity Center. SCIM connectors, such as the one for AWS IAM Identity Center, will save Bob valuable time and reduce the chance for errors in the authorization levels granted to users and groups. JumpCloud SCIM connectors are available for a number of highly popular web applications, making it easier than ever for admins to centrally provision and deprovision users to virtually everything that their users need.
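To make the SCIM flow behind the Bob and Mary scenario concrete, here is an added example that is not JumpCloud or AWS code: a small in-memory stand-in for a SCIM 2.0 service provider's /Users and /Groups endpoints, driven by the messages an IdP would send to onboard Mary (POST /Users, then a PatchOp that adds her to the Product group) and later to move her off the Product group (a PatchOp that removes her). The `ScimStore` class, the `group_access` mapping that stands in for the account and permission-set assignments granted to a group, and the user and group names are all constructed assumptions; the schema URNs and the `members[value eq "..."]` remove path follow the SCIM 2.0 specification (RFC 7643/7644).

```python
"""Toy SCIM 2.0 service provider showing how group membership pushed by an IdP
drives a user's effective access in the target. Added example with constructed
data; the store and the group-to-access mapping are simplifying assumptions."""
import re
import uuid
from typing import Dict, Set

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_GROUP = "urn:ietf:params:scim:schemas:core:2.0:Group"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# SCIM remove path for a single group member, e.g. members[value eq "<userId>"]
MEMBER_FILTER = re.compile(r'^members\[value eq "([^"]+)"\]$')


class ScimStore:
    """In-memory stand-in for a SCIM target's /Users and /Groups endpoints."""

    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}
        self.groups: Dict[str, dict] = {}
        # Assumed: the target records, per group, the account/permission-set pairs
        # granted to it; a user's access comes only from the groups they are in.
        self.group_access: Dict[str, Set[str]] = {}

    def post_user(self, body: dict) -> dict:
        """POST /Users: create the identity the IdP pushes at onboarding."""
        if SCIM_USER not in body.get("schemas", []):
            raise ValueError("invalidSyntax: missing User schema")
        if any(u["userName"] == body["userName"] for u in self.users.values()):
            raise ValueError("uniqueness: userName already exists")
        user = {"schemas": [SCIM_USER], "id": str(uuid.uuid4()),
                "userName": body["userName"], "externalId": body.get("externalId"),
                "active": body.get("active", True)}
        self.users[user["id"]] = user
        return user

    def post_group(self, display_name: str, access: Set[str]) -> dict:
        """POST /Groups, plus the target-side assignment of access to the group."""
        group = {"schemas": [SCIM_GROUP], "id": str(uuid.uuid4()),
                 "displayName": display_name, "members": []}
        self.groups[group["id"]] = group
        self.group_access[group["id"]] = set(access)
        return group

    def patch_group(self, gid: str, body: dict) -> dict:
        """PATCH /Groups/{id}: apply PatchOp add/remove operations on members."""
        if SCIM_PATCH not in body.get("schemas", []):
            raise ValueError("invalidSyntax: missing PatchOp schema")
        group = self.groups[gid]
        for op in body["Operations"]:
            kind, path = op["op"].lower(), op.get("path", "")
            if kind == "add" and path == "members":
                for member in op["value"]:
                    if member["value"] not in self.users:
                        raise ValueError("invalidValue: unknown user id")
                    if member["value"] not in group["members"]:
                        group["members"].append(member["value"])
            elif kind == "remove":
                match = MEMBER_FILTER.match(path)
                if not match:
                    raise ValueError(f"invalidPath: {path!r}")
                group["members"] = [m for m in group["members"] if m != match.group(1)]
            else:
                raise ValueError(f"unsupported operation {kind!r} on {path!r}")
        return group

    def effective_access(self, uid: str) -> Set[str]:
        """Access derives solely from group membership: no group, no access."""
        if not self.users[uid]["active"]:
            return set()
        return {grant for gid, group in self.groups.items() if uid in group["members"]
                for grant in self.group_access[gid]}


def onboard_and_offboard() -> dict:
    """Replay the post's scenario with constructed sample data."""
    target = ScimStore()
    product = target.post_group("Product", {"prod-account:ReadOnlyAccess"})
    target.post_group("Engineering", {"dev-account:PowerUserAccess"})
    mary = target.post_user({"schemas": [SCIM_USER], "userName": "mary.adams",
                             "externalId": "jc-constructed-id-001"})
    add_op = {"schemas": [SCIM_PATCH], "Operations": [
        {"op": "add", "path": "members", "value": [{"value": mary["id"]}]}]}
    target.patch_group(product["id"], add_op)
    after_add = target.effective_access(mary["id"])
    remove_op = {"schemas": [SCIM_PATCH], "Operations": [
        {"op": "remove", "path": f'members[value eq "{mary["id"]}"]'}]}
    target.patch_group(product["id"], remove_op)
    after_remove = target.effective_access(mary["id"])
    return {"after_add": after_add, "after_remove": after_remove,
            "user_still_exists": mary["id"] in target.users}


if __name__ == "__main__":
    print(onboard_and_offboard())
```

The point to check in any real deployment is the one `effective_access` makes explicit: the group removal is what revokes access, and the user record itself remains until the IdP deactivates or deletes it, so a leaver needs both the group change and the account deactivation the lifecycle flow provides.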

Evaluate JumpCloud Free Today

If you’re new to JumpCloud and interested in learning more about the platform and how to achieve stronger security practices, evaluate JumpCloud today! JumpCloud Free grants new admins 10 systems and 10 users free to help evaluate or use the entirety of the product. Once you’ve created your organization, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.



Chip Bell

Chip is a Senior Product Marketing Manager at JumpCloud with a Bachelors in Environmental Geoscience from Boston College and a Masters in Education from The George Washington University. Chip loves to cook, hike, and NBA podcasts.
