miniOrange provides secure access to Amazon Web Services (AWS) for enterprises and full control over access of AWS applications. Single Sign On (SSO) into your Amazon Web Services (AWS) account with one set of login credentials.
Single Sign On
miniOrange Single Sign On (SSO) Solution provides easy and seamless access to all enterprise resources with one set of credentials. miniOrange provides Single Sign On (SSO) to any type of devices or applications whether they are in the cloud or on-premise.
Secure your Amazon Web Services (AWS) app from password thefts using multi factor authentication methods with 15+ authentication types provided by miniOrange. Our multi factor authentication methods prevent unauthorized users from accessing information and resources having password alone as authentication factor. Enabling second factor authentication for Amazon Web Services (AWS) protects you against password thefts.
miniOrange prevents frauds with its dynamic risk engine in conjunction with enterprise specific security policy. We support a combination of the Device Id, Location and Time of access as multi-factor authentication that can detect and block fraud in real-time, without any interaction with the user.
Amazon Web Services (AWS) supports only IdP(Identity Provider) initiated Single Sign On(SSO)
In IdP Initiated Login, SAML request is initiated from miniOrange IdP.
- Enduser first authenticates through miniOrange Idp by login to miniOrange Self Service Console.
- On User Dashboard , there is a Amazon Web Services (AWS) icon, when the enduser clicks on the icon he will be redirected to his Amazon Web Services (AWS) Account - there is no need to login again.
Follow the Step-by-Step Guide given below for Amazon Web Services (AWS) Single Sign On (SSO).
Step 1: Configure AWS in miniOrange
- Login to miniOrange Admin Console.
- Go to Apps >> Manage Apps. Click Configure Apps button.
- Click on SAML tab. Select AWS.
- Get the SP Entity ID or Issuer from the metadata (https://signin.aws.amazon.com/static/saml-metadata.xml). You will find the value in the first line against entityID. It is set to urn:amazon:webservices but may vary for non-US regions.
- Make sure the ACS URL is: https://signin.aws.amazon.com/saml . This might vary for non-US regions in which case you would find it in metadata ( https://signin.aws.amazon.com/static/saml-metadata.xml) as Location attribute of AssertionConsumerService.
- Click on Show Advanced Settings. Against Relay State select Custom Attribute Value & enter
- Enable Override RelayState.
- You can set another value for relay state depending on where you want to redirect user after SSO.
- Go to the Add Policy and select DEFAULT from the Group Name dropdown.
- Now enter the AWS in the Policy Name field.
- Select PASSWORD from the First Factor Type dropdown.
- Click on Save button to configure AWS.
- Click on Save to configure AWS.
- Once the App is added, click on the Metadata link, download metadata file and keep with you which you will require later.
Step 2: Setting SAML in Amazon Web Services (AWS)
- Login to your Amazon Web Services (AWS) Console as an admin.
- Click on Services Tab. Under Security, Identity & Compliances click on IAM (Identity and Access Management).
- From the left-hand side list, click on Identity Providers and then click on Create Provider button in the right section.
Step 3: Configure Provider in Amazon Web Services (AWS)
Step 5: Onboard users into our system.
- Click on Users >> Add User.
- Here, fill the user details without the password and then click on the Create User button.
- Click on On Boarding Status tab. Check the email, with the registered e-mail id and select action Send Activation Mail with Password Reset Link from Select Action dropdown list and then click on Apply button.
- Now, Open your email id. Open the mail you get from miniOrange and then click on the link to set your account password.
- On the next screen, enter the password and confirm password and then click on the Reset Password button.
- Now, you can login into miniOrange account by entering your credentials.
Step 6: Login to AWS using miniOrange
- Go to miniOrange dashboard and select the User Dashboard from the right side menu.
- Click on AWS application which you added, to verify your SSO configuration.
Using Two Factor Authentication for Amazon Web Services(AWS)
The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.
Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, tracks who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.
Your choice of second factor
miniOrange authentication service has 15+ authentication methods.
You can choose from any of the above authentication methods to augment your password based authentication. miniOrange authentication service works with all phone types, from landlines to smart-phone platforms. In the simplest case, users just answer a phone call and press a button to authenticate. miniOrange authentication service works internationally, and has customers authenticating from many countries around the world.
For Further Details:
AWS AppStream Single Sign On (SSO)