This lab will take you through the process of configuring Windows AD FS with AWS IAM, which enables you to access your AWS Management Console with the desired Active Directory users and groups. You will leverage the AWS support for Security Assertion Markup Language (SAML), an open standard used by many identity providers. This feature enables federated single sign-on (SSO), which lets users sign in to the AWS Management Console or make programmatic calls to AWS APIs by using assertions from a SAML-compliant identity provider (IdP) like Active Directory Federation Services (AD FS).
Level
Intermediate
Duration
1 Hour 0 Minutes
Course Objectives
In this course, you will learn how to:
- Install and set up AD FS on a Windows server
- Enable federated access to the AWS Management Console using an existing Active Directory server
- Create new roles in IAM and map those to your federated users
- Allow federated users to have access to the AWS Management Console
Intended Audience
This course is intended for:
- Architects
- Infrastructure Engineers
Prerequisites
We recommend that attendees of this course have the following prerequisites:
- Familiarity with basic Windows Server administration
- Highly fluent and conceptually solid with the techniques of federated identity and identity providers in general, and SAML, LDAP, Active Directory, and AWS IAM in particular
Course Outline
- Task 1: Configure your AD FS instance
- Task 2: Connect to the domain controller instance
- Task 3: Join your AD FS instance to the domain
- Task 4: Create a self-signed certificate on AD FS
- Task 5: Install AD FS
- Task 6: Set up AWS IAM to work with AD FS
- Task 7: Set up AWS as a trusted relying party
- Task 8: Test the configuration by logging into AWS