Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services



Similar documents
Configuring Single Sign-on from the VMware Identity Manager Service to Dropbox

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

VMware Identity Manager Integration with Active Directory Federation Services 2.0

Setting Up Resources in VMware Identity Manager

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

INTEGRATION GUIDE. DIGIPASS Authentication for VMware Horizon Workspace

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

ThinPrint GPO Configuration for Location-Based Printing

Getting Started with Database-as-a-Service

Explore the VMware Horizon 6 Toolbox Auditing and Remote Assistance Capabilities

VMware Identity Manager Administration

AWS Service Catalog. User Guide

Offline Data Transfer to VMWare vcloud Hybrid Service

Configuring user provisioning for Amazon Web Services (Amazon Specific)

Using the vcenter Orchestrator Plug-In for vsphere Auto Deploy 1.0

Management Pack for vrealize Infrastructure Navigator

Reconfiguration of VMware vcenter Update Manager

The Customer page is only displayed in Admin Portal on Managed Service Provider accounts. It is not displayed in customer accounts.

Egnyte Single Sign-On (SSO) Installation for OneLogin

VMware Identity Manager Administration

How to Migrate Citrix XenApp to VMware Horizon 6 TECHNICAL WHITE PAPER

Copyright Pivotal Software Inc, of 10

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Upgrading Horizon Workspace

Deployment Guide. Deploying F5 BIG-IP Global Traffic Manager on VMware vcloud Hybrid Service

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

About the VM-Series Firewall

Google Apps Deployment Guide

VMware vcenter Configuration Manager SQL Migration Helper Tool User's Guide vcenter Configuration Manager 5.6

VMware vcenter Operations Manager Administration Guide

VMware vcenter Configuration Manager and VMware vcenter Application Discovery Manager Integration Guide

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

WatchDox Administrator's Guide. Application Version 3.7.5

RCS Liferay Google Analytics Portlet Installation Guide

Active Directory Solution 1.0 Guide

VMware vcenter Support Assistant 5.1.1

VMware vcenter Operations Manager Enterprise Administration Guide

SNMP Adapter Installation and Configuration Guide

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

DocuSign Connect for Salesforce Guide

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

How Do I Upload Multiple Trucks?

IaaS Configuration for Cloud Platforms

File Share Navigator Online 1

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Helping Customers Move Workloads into the Cloud. A Guide for Providers of vcloud Powered Services

After you have created your text file, see Adding a Log Source.

INTEGRATION GUIDE. DIGIPASS Authentication for Google Apps using IDENTIKEY Federation Server

Configuring Salesforce

An Overview of Samsung KNOX Active Directory-based Single Sign-On

vcloud Automation Center Self-Service Portal Guide

Integration with Active Directory

Lenovo Partner Access - Overview

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

Flexible Identity Federation

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Configuring SuccessFactors

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

Configuring EPM System for SAML2-based Federation Services SSO

SAP NetWeaver AS Java

HIPAA/HITECH Compliance Using VMware vcloud Air

Installation and Configuration Guide

VMware Virtual Desktop Manager User Authentication Guide

Connected Data. Connected Data requirements for SSO

Advanced Service Design

Scalability Tuning vcenter Operations Manager for View 1.0

Installing and Configuring vcloud Connector

Cloud Authentication. Getting Started Guide. Version

Using the vcenter Orchestrator Plug-In for Microsoft Active Directory

VMware vcloud Air Networking Guide

Releasing High Quality Applications More Quickly with vrealize Code Stream

USER CONFERENCE 2011 SAN FRANCISCO APRIL Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB

Configuring Multiple ACE Management Servers VMware ACE 2.0

What s New in VMware vsphere 5.1 VMware vcenter Server

Using SAML for Single Sign-On in the SOA Software Platform

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Configuring Parature Self-Service Portal

Configuring. SugarCRM. Chapter 121

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

SAM Context-Based Authentication Using Juniper SA Integration Guide

vcenter Operations Management Pack for SAP HANA Installation and Configuration Guide

Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

User Management Tool 1.5

IP Application Security Manager and. VMware vcloud Air

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

Charter Business Phone. Online Control Panel Getting Started Guide. Document Version 1.0

Relay. Calendar Setup. Google Calendar

Flexible Identity Federation

vcloud Suite Licensing

Getting Started with the Aloha Community Template for Salesforce Identity

VMware vcenter Discovered Machines Import Tool User's Guide Version for vcenter Configuration Manager 5.3

Transcription:

Configuring Single Sign-on from the VMware Identity Manager Service to Amazon Web Services VMware Identity Manager OCTOBER 2015 V1

Configuring Single Sign-On from VMware Identity Manager to Amazon Web Services Table of Contents Overview... 1 Save the Identity Provider SAML Metadata... 1 Setting up Amazon Web Service for Single Sign-on... 1 Find Your Amazon Web Services Account ID Number... 1 Create Identity Provider in Amazon Web Services... 2 Create a Role for Identity Provider Access in Amazon Web Services... 3 Adding Amazon Web Services to VMware Identity Manager Catalog... 4 Add Amazon Web Services to the Catalog... 4 Testing Single Sign-on Configuration... 6 Set up User in VMware Identity Manager for Testing... 6 Verify Test-User can Sign into Amazon Web Services... 6 Completing the Configuration in the Catalog... 7 Entitle Users to Amazon Web Services... 7

Overview This document provides information about configuring SAML-based single sign-on from the VMware Identity Manager service to the Amazon Web Services Management Console. When VMware Identity Manager is configured as the identity provider for AWS, users can sign on to the AWS Management Console without you having to create an identity and access management (IAM) user in AWS for everyone in your organization. Users sign in to their VMware Identity Manager Apps Portal, select the AWS app, and they are redirected to the AWS console without having to provide additional sign on details. You must have an administrator account for the VMware Identity Manager service, as well as an administrator account for Amazon Web Services. In AWS you, create VMware Identity Manager as a SAML provider and upload the identity provider SAML metadata file. You also create an IAM role that establishes a trust relationship between VMware Identity Manager and AWS IAM. The role also defines what users are allowed to do in AWS. In the VMware Identity Manager administration console, you add AWS to the catalog, add the values of the AWS application parameters, and entitle users to the AWS application. Save the Identity Provider SAML Metadata You must have the VMware identity provider metadata xml file to configure Amazon Web Services. 1. Log in to the VMware Identity Manager administration console. 2. In the Catalog tab, click Settings > SAML Metadata. 3. In the SAML Metadata section, click Identity Provider (IdP) metadata to display the metadata content. Save the metadata content as an.xml file. Setting up Amazon Web Service for Single Sign-on To set up AWS for single sign-on from the service, you configure VMware Identity Manager as the SAML identity provider in AWS, add the metadata xml file, and create an AWS identity and access management (IAM) single sign-on role to the AWS management console. Find Your Amazon Web Services Account ID Number 1. Sign in to the AWS Management Console as the admin user. 2. In the upper-right on the Amazon Web Services page, click Support > Support Center. /1

The account ID number displays below the Support menu. 3. Copy and save the AWS account ID number. This account ID number is configured later in the VMware Identity Manager. Create Identity Provider in Amazon Web Services When you create the identity provider, you add the VMware identity provider metadata xml file that you saved earlier. 1. Sign in to the AWS Management Console as the admin user and navigate to the Amazon Web Services > Security & Identity > Identity & Access Management page. 2. In the Dashboard Details navigation pane, click Identity Providers and then click Create Provider. 3. From the Provider Type > Choose a provider type drop-down menu, select SAML. 4. In the Provider Name text box, enter a name for the identity provider. Remember the provider name, as it is configured in the VMware Identity Manager Catalog. 5. In the Metadata Document row, click Choose File and navigate to the SAML metadata file you saved. /2

Click Open. Click Next Step. 6. Verify that the information is correct and click Create. Create a Role for Identity Provider Access in Amazon Web Services You create a role for identity provider access to permit your users to access the AWS Management Console. The role grants users permissions to carry out tasks in the AWS console. Before you create the role, the SAML provider must be created in AWS. 1. Sign in to the AWS Management Console as the admin user and navigate to the Amazon Web Services > Security & Identity > Identity & Access Management page. 2. In the Details navigation pane, click Roles and then click Create New Role. 3. In the Set Role Name page, enter the role name that can help you identify the purpose of this role. Click Next Step. Remember the role name, as it is configured in the VMware Identity Manager Catalog. 4. Click Role for Identity Provider Access. 5. Select Grant Web Single Sign-On (WebSSO) access to SAML providers. 6. Select the SAML identity provider you created in AWS. Click Next Step. 7. The trust policy for the role displays showing the SAML identity provider you created previously along with the SAML attributes that a user must match to assume the role. Review the policy that was created to verify the information. You can edit this page. Click Next Step. 8. Select the AWS access policies users inherit when using this role. /3

9. Review the settings and click Create Role. Next you configure AWS in the VMware Identity Manager catalog. Adding Amazon Web Services to VMware Identity Manager Catalog To configure AWS in VMware, make sure you have the following AWS information. AWS account number saved from Step 2 when you set up the SAML identity provider in AWS SAML identity provider name you configured in AWS The name of the role you created in AWS Add Amazon Web Services to the Catalog 1. Log in to the VMware Identity Manager administration console. 2. In the Catalog page, click Add Application >...from the cloud application catalog. 3. Click the Amazon Web Services icon. The modify application page appears. 4. Click Configuration. 5. In the Application Parameters section map the attributes in the name column with the AWS profile. Enter the name of the role, the SAML identity provider name and the AWS account number. 6. Click Save. /4

/5 Configuring Single Sign-on from VMware Identity Manager to Amazon Web Services

Testing Single Sign-on Configuration Test your single sign-on configuration with a small number of users before deploying the application across your organization. Set up User in VMware Identity Manager for Testing 1. Log in to the VMware Identity Manager administration console. 2. In the Users & Groups page, click Users and ensure that the user you are testing is in the list of users. 3. In the Catalog page, click on the Amazon Web Services application. 4. Click Entitlements. 5. Click +Add user entitlement. 6. Select the test user and change the DEPLOYMENT field value for the user to Automatic. For example: 7. Click Save, then click Done. 8. In the top-right corner of the page, click your user name and select Logout. Verify Test-User can Sign into Amazon Web Services 1. Sign in to the user portal as the test user. 2. Click the Amazon Web Services icon on the My Apps page. You should now have single sign-on access to Amazon Web Services. /6

Completing the Configuration in the Catalog In addition to configuring the Web application for single sign-on to the service, you can configure additional settings to add an access policy, set up app licensing requirements, and entitle users and groups to the app. Entitlements Access Policies Licensing Provisioning After you configure a Web application, you can add group entitlements and entitle individual users to the Web app. The VMware Identity Manager service includes a default policy that is automatically assigned to the Web app when you add the app to the Catalog. If you do not want to use the default access policy, create a new access policy and in the Access Policies link, select the access policy to use for this Web application. For example, you can create a stricter policy than the default, with rules that specify which IP addresses have access to the application, using which authentication methods, and for how long until reauthentication is required. See the VMware Identity Manager documentation at http://pubs.vmware.com. Licensing can be used to require users to request license approval before they can access the application. You can add additional information, including pricing, license type, cost per license and the number of licenses. You can run the Resource Usage report to see the licensing information for the application. Provisioning provides automatic application user-management from a single location. Provisioning adapters allow the Web application to retrieve specific information from VMware Identity Manager, as required. The provisioning adapters that can be selected are either Google Apps, Mozy, or Vchs. If you configure these applications, you can select the appropriate provisioning adapter. Entitle Users to Amazon Web Services You can activate single sign-on for all users. Before you do so, ensure that all the user accounts are provisioned in Amazon Web Services. 1. Log in to the VMware Identity Manager administration console. 2. In the Catalog page, click Amazon Web Services. 3. In the Modify application page, click Entitlements. 4. Click +Add group entitlement. /7

5. Select ALL USERS and change the DEPLOYMENT TYPE field value to Automatic. 6. Click Save, then click Done. /8

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright 2015 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information