With AWS SSO you can create flexible permissions, aligned with your roles or projects, to assign users and groups access centrally across all your AWS Organizations accounts. AWS SSO centrally configures and maintains all the permissions in your accounts automatically, without requiring additional setup in individual accounts. With the new release, you can connect Azure AD using the Security Assertion Markup Language (SAML) 2.0 standard, use AWS SSO to manage access centrally to your AWS accounts, and your users can sign in with their Office 365 sign-in experience. Customers can also provision Azure AD users and groups into AWS SSO automatically with the standard protocol System for Cross-domain Identity Management (SCIM). For example, if you granted an Azure AD group permissions to manage EC2 instances and later removed someone from the group, that person loses the permission to manage EC2 instances, automatically. We are actively working with AWS Partner Network members including Okta, OneLogin, and Ping Identity to enable interoperability for their identity providers.
It is easy to get started with AWS SSO. With just a few clicks in the AWS SSO management console, you choose AWS SSO, Active Directory, or an external identity provider as your identity source. You can then centrally manage users’ access to your AWS Organizations accounts and hundreds of pre-configured cloud applications such as Salesforce, Box, and Office 365. Your users sign in with the convenience of their familiar sign-in experience and get single-click access to all their assigned accounts and applications from the AWS SSO user portal. To learn more, please visit AWS Single Sign-on or visit the blog on The Next Evolution in AWS Single Sign-On.