Integrate with AWS Verified Access

AWS and JumpCloud have partnered to offer a VPN alternative for securely accessing company applications over the web using JumpCloud Go™, JumpCloud SSO (SAML or OIDC) and AWS Verified Access (AVA). With this collaboration, JumpCloud can authenticate and authorize  devices and identities in one console and provide access control for AWS Verified Access for managed devices. See our blog for more information about our partnership.

Prerequisites

1. JumpCloud Admin account.
2. Your JumpCloud Org ID.
3. JumpCloud Platform or Platform Plus plan, or SSO and Device Management services. 
4. JumpCloud-managed users on JumpCloud-managed devices.
5. AWS Admin account (AWS root user).
6. AWS organization.

There are three steps:

• Install JumpCloud Go
• Configure an AWS SSO Connector
• Setup AVA

Install JumpCloud Go

The JumpCloud Go Chrome extension provides secure passwordless authentication to JumpCloud protected web resources on managed devices (Mac or Windows). The extension can be installed via JumpCloud Policy, Google’s Chrome Browser Cloud Management (CBCM), or manual installation.

See Get Started: JumpCloud Go and Use JumpCloud Go.

Configure an AWS SSO Connector

Configure AWS IAM Identity Center SSO

See Integrate with AWS IAM Identity Center.

Configure Custom AWS OIDC

See SSO with OIDC. 

For additional information about the AWS OIDC configuration, please view the following AWS documentation:

• AWS Verified Access Integration with 3rd party identity providers
• Using an OpenID Connect trust provider

Setup AVA

AVA provides secure access to company applications over the internet without using a VPN. Once you have set up JumpCloud Go and the AWS SSO Connector, the final step is configuring Verified Access inside AWS. To proceed, please view the following AWS documentation:

• Getting Started with Verified Access
• Device-based trust providers.