Configuring AWS SSO
You will need to enable AWS IAM Identity Center (Single Sign-On) in the management account on AWS. IAM Identity Center is used to manage workforce user access to multiple AWS accounts and cloud applications.
Follow these steps to get started with AWS and to create AWS Organizations.
Creating an IAM Identity Center (SSO)
- Sign in to the AWS Management Console with your AWS account root user credentials.
- Navigate to IAM Identity Center console.
- Click Enable on the IAM Identity Center page.
Create a user
- Assuming that SSO is enabled for your AWS Organization:
- Log in to the AWS console, type IAM Identity Center into the Find Services box and click on IAM Identity Center;
- Click on the User option on the left;
- Click on Add User;
- Enter the details in the following fields:
  - Username (enter a valid email address for this user);
  - Password;
  - Email address (enter the same email address as in the Username field);
  - Confirm email address;
  - First name;
  - Last name; and
  - Display name.
Create a group
A group collects all users that have the same set of permissions.
- Log in to the AWS console, type IAM Identity Center into the Find Services box and click on IAM Identity Center;
- Click on the Group option on the left;
- Click on Create Group;
- Enter the details in the following fields:
  - Group name; and
  - Description.
- Add users to the group by selecting all users that should have the same set of permissions in the list Add users to group.
- Click on Create group.
Create Permission Sets
The permission sets define the level of access that users in IAM Identity Center have to their assigned AWS accounts.
- Log in to the AWS console, type IAM Identity Center into the Find Services box and click on IAM Identity Center;
- Select Permission sets on the left menu;
- Select Create permission set;
- Permission Type: there are two ways to create the permission set:
  - Predefined permission set - Create a predefined permission set by choosing an AWS-defined template;
    - Choose the Policy for predefined permission set.
    - Click Next.
    - Enter the permission set details and click Next;
    - Review the details and click Save;
  - Custom permission set - Create a custom permission set by selecting AWS managed policies and creating an inline policy (recommended).
    - Click Next;
    - Specify policies and permissions boundary and click Next;
    - Enter the permission set details and click Next;
    - Review the details and click Save.
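The user, group and custom permission set steps above can also be scripted with the AWS CLI so they are repeatable and reviewable. The script below is an added example, not part of the original guide: the user, group and permission set names, the e-mail address, the IDs and the inline policy are constructed placeholders, and with DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original guide. Names, e-mail address, IDs and
# the inline policy are constructed placeholders.
set -eu
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each command on stderr instead of calling AWS

aws_call() {   # dry run: log the command and return a placeholder ID
  if [ "$DRY_RUN" = 1 ]; then echo "aws $*" >&2; echo dry-run-id; else aws "$@"; fi
}
# "Create a user": username and e-mail are the same address, as the steps require.
create_user() {             # args: identity-store-id email first-name last-name
  aws_call identitystore create-user --identity-store-id "$1" \
    --user-name "$2" --emails "Value=$2,Type=work,Primary=true" \
    --name "GivenName=$3,FamilyName=$4" --display-name "$3 $4" \
    --query UserId --output text
}
# "Create a group", then add a user to it.
create_group() {            # args: identity-store-id group-name description
  aws_call identitystore create-group --identity-store-id "$1" \
    --display-name "$2" --description "$3" --query GroupId --output text
}
add_member() {              # args: identity-store-id group-id user-id
  aws_call identitystore create-group-membership --identity-store-id "$1" \
    --group-id "$2" --member-id "UserId=$3"
}
# "Create Permission Sets", custom variant: a new set plus an inline policy.
create_permission_set() {   # args: instance-arn name description
  aws_call sso-admin create-permission-set --instance-arn "$1" --name "$2" \
    --description "$3" --query PermissionSet.PermissionSetArn --output text
}
put_inline_policy() {       # args: instance-arn permission-set-arn policy-json
  aws_call sso-admin put-inline-policy-to-permission-set --instance-arn "$1" \
    --permission-set-arn "$2" --inline-policy "$3"
}
# Constructed narrow policy: may list S3 bucket names and nothing else.
POLICY='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"*"}]}'

provision() {               # args: instance-arn identity-store-id
  uid=$(create_user "$2" jane.doe@example.com Jane Doe)
  gid=$(create_group "$2" Developers "Developers with S3 list access")
  add_member "$2" "$gid" "$uid" >/dev/null
  ps=$(create_permission_set "$1" S3ListOnly "Constructed example set")
  put_inline_policy "$1" "$ps" "$POLICY" >/dev/null
}
# Real values for both arguments come from: aws sso-admin list-instances
provision "${INSTANCE_ARN:-arn:aws:sso:::instance/ssoins-EXAMPLE}" \
          "${IDENTITY_STORE_ID:-d-EXAMPLE}"
```

Users created through the API have no password, so send the password setup e-mail or reset the password from the IAM Identity Center console afterwards.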
Configuring SSO for Microsoft Azure
Configuring SSO for G-Suite