By Greg Keller Posted January 13, 2017
Many IT admins are wondering whether IDaaS providers support the ability to control user access to AWS™ cloud servers. The question usually goes something like this:
“If the provider has SSO into the AWS IAM console, can they also authenticate user access to the server instance itself?”
The short answer is, “No.” Almost all IDaaS providers are web app SSO solutions without core directory services. Directory-as-a-Service® is the IDaaS solution that authenticates user access to AWS cloud servers.
Outsourcing Data Centers
As more organizations move to the cloud, one of the key platforms is AWS. Instead of building their own data centers, IT organizations are outsourcing their data center to AWS. To its credit, AWS has built a robust platform of compute, storage, and application services. The platform has gone far beyond the simple EC2 service that it once was. AWS cloud infrastructure is a sophisticated group of services aimed at organizations interested in moving away from their own on-prem infrastructure.
Leveraging Cloud Identity Management
These same organizations are leveraging cloud identity management as well. The question then becomes how to connect the user identities in the IDaaS solution to AWS cloud servers. With Directory-as-a-Service, the cloud-hosted directory serves as the core, authoritative identity provider for an organization. Unlike web SSO IDaaS solutions, this approach to cloud directory services is all-encompassing. A user’s identity is federated to the systems (Windows, macOS, Linux), cloud and on-prem applications, and networks that the user needs to access. That cloud infrastructure includes AWS servers.
Authenticating to AWS Cloud Servers
IT admins simply place a lightweight agent onto each AWS server, whether it runs Linux or Windows. That agent natively controls user and device management functions and includes the ability to add, delete, or modify user access. AWS cloud servers are now integrated into the core directory service of an organization rather than being managed manually or through scripts.
The benefits of this tight user management are significant. User access to all servers can be centrally controlled. This reduces the chances that a server is missed or that somebody who should not have access still does. Further, Directory-as-a-Service supports both SSH key management and multi-factor authentication. This provides an added layer of security and authentication services to AWS Windows and Linux servers.
JumpCloud®: IDaaS and AWS Cloud Servers Management
If you are interested in IDaaS and in user and device management for AWS cloud servers, drop us a note. We’d be happy to show you how our virtual identity provider can be leveraged to control your AWS infrastructure. If you are so inclined, sign up for a free account and try out our Directory-as-a-Service platform. Your first 10 users are free forever.