"Single Sign On" and AWS

AWS provides many different ways to support authentication approaches called "Single Sign On". These all allow users to log in to AWS or AWS-hosted applications using their campus credentials, without needing to create a local user within the account or application.

This session provides an overview of many of these approaches, with a discussion of some of the implications of using each one. 

Sample topics to be covered:

  • Authenticating infrastructure-level (e.g., console, CLI) access to AWS

    • AWS SSO
    • SAML integration with the IAM console

  • Authenticating applications hosted in AWS

    • Authenticating to AWS "end user compute" services (e.g., AppStream, QuickSight)
    • Using Cognito with SAML
    • Hosting Shibboleth SPs in AWS
    • Using OAuth/OIDC and custom OPs

[If this session is of interest/accepted I'll tighten up and clarify the outline.]