articles/active-directory/saas-apps/aws-single-sign-on-provisioning-tutorial.md
Lines changed: 5 additions & 4 deletions
@@ -169,10 +169,11 @@ Once you've configured provisioning, use the following resources to monitor your
169
169
## Just-in-time (JIT) application access with PIM for groups (preview)
170
170
With PIM for Groups, you can provide just-in-time access to groups in Amazon Web Services and reduce the number of users that have permanent access to priviliged groups in AWS.
171
171
172
-
**Configure provisioning**
172
+
**Configure your enterprise application for SSO and provisioning**
173
173
1. Add AWS IAM Identity Center to your tenant and configure it for provisioning as described in the tutorial above.
174
-
1. Create a group that will provide all users access to the application and assign the group to the application.
175
-
1. Assign your test user as a direct member of the group created in step 2, or provide them access to the group through an access package. This group can be used for persistent, non-admin access in AWS.
174
+
1. Configure [single sign-on](aws-single-sign-on-provisioning-tutorial.md) for AWS IAM Identity Center.
175
+
1. Create a group that will provide all users access to the application and assign the group to the application.
176
+
1. Assign your test user as a direct member of the group created in the previous step, or provide them access to the group through an access package. This group can be used for persistent, non-admin access in AWS.
176
177
1. Use on-demand provisioning to provision the group created in step 1 into your application. At this point the group does not have any active members so this will simply create the group object in AWS.
177
178
1. Sign-in to AWS and assign the group to the necessary role / permissions in AWS.
178
179
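Review bot: the new SSO step links `[single sign-on](aws-single-sign-on-provisioning-tutorial.md)`, which is the file being changed in this commit, so the link sends readers back to the provisioning tutorial itself instead of to the separate single sign-on tutorial; point it at the SSO article (its path is not visible in this diff). The unchanged step that follows, `1. Use on-demand provisioning to provision the group created in step 1 into your application.`, still says "step 1", but with the inserted SSO step the group is now created in step 3; reuse the wording already adopted in the edited line ("the group created in the previous step", or "the group created above") so the reference does not drift again the next time a step is inserted. Minor, in unchanged context lines: `priviliged` should be `privileged`, and `Sign-in to AWS` as a verb should be `Sign in to AWS`.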
@@ -183,7 +184,7 @@ With PIM for Groups, you can provide just-in-time access to groups in Amazon Web
183
184
1. Assign your test user as [eligible for the group in PIM](https://learn.microsoft.com/azure/active-directory/privileged-identity-management/groups-assign-member-owner) with the role set to member.
184
185
185
186
186
-
Now any end user that was made eligible for the group in step 3 can get JIT access to the group in AWS by following the steps outlined [here].(https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-activate-roles#activate-a-role). Please note that the group membership change in AWS will be reflected roughly 1 - 2 minutes after the PIM activation has completed.
187
+
Now any end user that was made eligible for the group in PIM can get JIT access to the group in AWS by [activating their group membership](https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-activate-roles#activate-a-role).
187
188
188
189
> [!IMPORTANT] The group membership is provisioned roughly a minute after the activation is complete. Please wait before attempting to sign-in to AWS. If the user is unable to access the necessary group in AWS, please review the troubleshooting tips below and provisioning logs to ensure that the user was successfully provisioned.
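Review bot: the new link uses a locale-specific URL (`https://learn.microsoft.com/en-us/azure/...`) while the PIM eligibility link a few lines earlier in this hunk is locale-neutral (`https://learn.microsoft.com/azure/...`); drop the `en-us/` segment so both links resolve to the reader's own locale. Removing the old "roughly 1 - 2 minutes" sentence is a good call, since it disagreed with the unchanged `[!IMPORTANT]` callout that states "roughly a minute", which is now the only statement of the provisioning delay. Minor, in the unchanged callout: `attempting to sign-in to AWS` should read `sign in`.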