Permission sets simplify the assignment of AWS account access for users and groups in IAM Identity Center. The user’s permissions in an account are determined by permission sets defined in IAM Identity Center. For more information, see the AWS Organizations documentation. You can connect Google Workspace to IAM Identity Center, allowing your users to access AWS accounts with their Google Workspace credentials.Īccess to IAM Identity Center through Google Workspace is granted to accounts governed by AWS Organizations, a service that allows you to centrally-manage multiple AWS accounts. If your organization uses Google Workspace, it can serve as an identity provider (IdP) for AWS. Google Workspace (previously known as G Suite) is used for collaboration functions like email, calendar, Slides, Meet, Drive, Chat, Sheets, Docs, Sites, and Forms.
Google workspace github how to#
We will also discuss how to configure permissions for your users and the roles that they will assume, and how they can access different accounts.
In this blog post, we will show you how to set up Google Workspace as an external identity provider (IdP) for AWS IAM Identity Center (successor to AWS Single Sign-On). You can use federation to obtain short-term credentials, which can help reduce the risk of unauthorized access, because if a third-party obtained your credentials, they would have only a limited time to use them. Using a single location to manage identities simplifies integration with human resources processes and reduces the requirement for long-lived credentials within your accounts. July 6, 2020: Original publication date of this post.īy controlling access to your Amazon Web Services (AWS) accounts using an external identity store, such as Google Workspace, you can create, manage, and revoke access from a single location. January 11, 2021: This post has been updated to reflect changes to the G Suite user interface.Īugust 3, 2020: This post has been updated to include some additional information about managing users and permissions.
May 4, 2021: AWS IAM Identity Center (IAM Identity Center) currently does not support G Suite as an identity provider for automatic provisioning of users and groups, or the open source ssosync project, available on Github. September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. March 8, 2023: We updated the post to reflect some name changes (G Suite is now Google Workspace AWS Single Sign-On is now AWS IAM Identity Center) and associated changes to the user interface and workflow when setting up Google Workspace as an external identity provider for IAM Identity Center. March 21, 2023: We modified the description of a permission set in the Introduction.
0 kommentar(er)
