IdP-initiated<\/p>\n\n\n\n
- user access intranet using company\u2019s authentication<\/li>
- user goes to web page and clicks link to Connections Cloud product like Connections Cloud S2.<\/li>
- SSO is started and SAML assertion is sent to connections Cloud endpoint via HTTP POST. If valid, access is granted.<\/li>
- The user interacts with Connections Cloud.<\/li><\/ol>\n\n\n\n
SP-initiated hybrid<\/p>\n\n\n\n
- The user visits Connections Cloud login page and clicks Use My Organization’s Login.<\/li>
- user provides email address linked with his or her account.<\/li>
- Connections Cloud redirects to organization\u2019s authentication mechanism.<\/li>
- Rest flow as last step in IdP-initiated model.<\/li><\/ol>\n\n\n\n
AWS SAML<\/p>\n\n\n\n
- SAML 2.0 or Security Assertion Markup Language 2.0 is supported by AWS<\/li>
- SAML is an open standard that many identity providers (IdPs) use.<\/li>
- Benefit of providing federated single sign-on (SSO)<\/li>
- SAML validated users can log into the AWS Management Console or call AWS API even if not an IAM user<\/li><\/ul>\n\n\n\n
Use cases supported by IAM federation<\/p>\n\n\n\n
- Federated access allows user\/application to call AWS API.\n
- \n
- It uses SAML assertion to get temporary credentials.<\/li>\n<\/ul>\n<\/li>
- Web-based single sign-on (SSO) to AWS Management Console.<\/li><\/ul>\n\n\n\n
Using SAML-Based Federation for API Access to AWS Example to give employees to copy data from their computers to a backup folder.<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-166.png\")
<\/figure>\n\n\n\n- User request authentication by IdP using a client app<\/li>
- IdP authenticates the user<\/li>
- IdP generates a SAML assertion and sends to client app<\/li>
- client app gives ARN of SAML provider, role to assume by calling AWS STS AssumeRoleWithSAML API<\/li>
- If valid, API responds with temporary credentials<\/li>
- Client app uses temporary credentials to call S3 API operations<\/li><\/ol>\n\n\n\n
SAML – Console – AssumeRoleWithSAML<\/strong><\/p>\n\n\n\n
- Corporate user can access Active Directory Federation Services or ADFS<\/li>
- AD FS authenticates user against Microsoft AD or Active Directory<\/li>
- SAML Token contains membership generated<\/li>
- Similar to IdP, Sigin in with SAML Token to AWS Sign-in Endpoint<\/li>
- AssumeRoleWithSAML send to STS<\/li>
- STS returns Credentials<\/li>
- AWS Sign-in endpoint returns Console URL<\/li>
- Corporate user Redirected to AWS Console<\/li>
- Benefits include\n
- \n
- Federation proxy not needed<\/li>\n
- No IAM permission for federation proxy, needed<\/li>\n<\/ul>\n<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"
Flow models in federated identity management, are of types identity provider initiated model or IdP-initiated service provider initiated model or SP-initiated IdP-initiated user access intranet using company\u2019s authentication user goes to web page and clicks link to Connections Cloud product like Connections Cloud S2. SSO is started and SAML assertion is sent to connections Cloud…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2474,"menu_order":39,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[7,511],"class_list":["post-3085","page","type-page","status-publish","hentry","category-amazon-aws","tag-aws","tag-identity-federation"],"acf":[],"yoast_head":"\n
Identity Federation - AWS | TestPrep Tutorials<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Identity Federation - AWS | TestPrep Tutorials\" \/>\n<meta property=\"og:description\" content=\"Flow models in federated identity management, are of types identity provider initiated model or IdP-initiated service provider initiated model or SP-initiated IdP-initiated user access intranet using company\u2019s authentication user goes to web page and clicks link to Connections Cloud product like Connections Cloud S2. SSO is started and SAML assertion is sent to connections Cloud...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T11:35:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-166.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/\",\"name\":\"Identity Federation - AWS | TestPrep Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2019-08-31T11:47:28+00:00\",\"dateModified\":\"2020-05-01T11:35:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AWS Certified Security Specialty\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Identity Federation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Identity Federation - AWS | TestPrep Tutorials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/","og_locale":"en_US","og_type":"article","og_title":"Identity Federation - AWS | TestPrep Tutorials","og_description":"Flow models in federated identity management, are of types identity provider initiated model or IdP-initiated service provider initiated model or SP-initiated IdP-initiated user access intranet using company\u2019s authentication user goes to web page and clicks link to Connections Cloud product like Connections Cloud S2. SSO is started and SAML assertion is sent to connections Cloud...","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-05-01T11:35:57+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/09\/image-166.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/","name":"Identity Federation - AWS | TestPrep Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2019-08-31T11:47:28+00:00","dateModified":"2020-05-01T11:35:57+00:00","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/identity-federation-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"AWS Certified Security Specialty","item":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-certified-security-specialty\/"},{"@type":"ListItem","position":3,"name":"Identity Federation"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3085","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=3085"}],"version-history":[{"count":5,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3085\/revisions"}],"predecessor-version":[{"id":5147,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/3085\/revisions\/5147"}],"up":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/2474"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=3085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=3085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=3085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Federated access allows user\/application to call AWS API.\n