AWS SSO Guide for Managing Access Across Accounts
•
3 j'aime•1,141 vues
* 발표 동영상: https://youtu.be/DJlt1v4Gya8 AWS Single Sign-On(SSO)을 사용하면 여러 AWS 계정 및 비즈니스 애플리케이션에 대한 액세스를 중앙에서 손쉽게 관리하고 사용자에게 Single Sign-On 액세스를 제공하여 할당된 모든 계정 및 애플리케이션을 한 곳에서 액세스하도록 할 수 있습니다.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à AWS SSO Guide for Managing Access Across Accounts
Similaire à AWS SSO Guide for Managing Access Across Accounts (20)
Plus de Amazon Web Services Korea
Plus de Amazon Web Services Korea (20)
Dernier
Dernier (20)
AWS SSO Guide for Managing Access Across Accounts
- 1. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ) n - I M D A
- 2. L S o c
- 3. L S o c A a W S O S O S
- 4. - ) S U x si b z naO bW y t fL D ))( WU 다중 AWS 계정에 대한 접근 관리 손쉽게 빠른 설정 가능 기존 인증 서비스 연계 가능 외부 SaaS 앱 연동 가능
- 5. - i - g
- 6. - i z - x E
- 7. - i l s S x
- 8. - i l hW g eI b c ( , M ) o rg
- 9. - i l hW g eI • • A • , • C AWS Single Sign-On Active Directory External IDPNative AWS SSO SAML 2.0 Service Provider Inbound SAML SCIM
- 10. - i hW Ao eI ))(O z ek vu nA z ),,) x si c
- 11. - at AWS Organization 설정 • AWS SSO 활성화 AWS Directory Service 설정 • 옵션 1 : AWS Managed AD • 옵션 2 : AD Connector • 옵션 3 : AWS Managed AD 사용자 정의 권한 설정하기 • 직무 역할 기반 사용자 지정 • 연결된 IAM 정책 사용자 지정 사용자에게 권한 부여 하기 • AD 그룹 검색 • 정의 된 역할과 페어링 • 조직의 계정 또는 계정 집합에 대해 활성화 인증 및 권한 테스트 • AWS SSO 사용자 포털로 이동 • AWS 콘솔 접속 • 기존 연동 구성 또는 직접 IAM 인증과 동시에 테스트
- 12. r s OD u • i p ( / p p O e • ( / h dk P y LL T mz • L p dk P ,(. y _ T mz • h su wru s ) h ,(. y S • ) A C c h Mp AWS SSO user portal AuthZ Groups Corporate data center AWS Single Sign-On AWS Cloud SAML AuthN Active Directory Access
- 13. M S - eI Master Account AWS Directory Service를 사용하여 온 프레미스 AD 연결 정의된 권한에 AD 그룹 매핑 각 AWS 계정, OU 또는 전체 조직에 대한 접근 권한 부여 AWS Directory Service AWS Cloud AWS Single Sign-On AWS Organizations Groups Corporate data center Entitlements Active Directory AD connector Microsoft AD Simple AD Assignments
- 14. M o AWS SSO user portal AuthN AuthZ SAML Groups Active Directory Corporate data center Master Account AWS Directory Service AWS Cloud Entitlements ConfigurationAssignmentsAccess AD connector Microsoft AD Simple AD AWS Single Sign-On AWS Organizations
- 15. AWS SSO user portal AuthN AuthZ SAML Groups 3P Providers Master Account AWS Cloud Entitlements ConfigurationAssignmentsAccess Azure AD Identity Provider SCIM SAML Trust External IDP AWS Single Sign-On AWS Organizations
- 16. )( x • f M nrd f C C • r t r S r u C • , P M l o r AWS Single Sign-On AWS Cloud Apps
- 17. )( x AWS SSO user portal AuthN AuthZ Groups Active Dir Corporate data center AWS Directory Service AWS Cloud Entitlements ConfigurationAssignmentsAccess Apps AWS Single Sign-On
- 18. P Feature AWS SSO AWS Managed Microsoft AD AD Connector SAML 2.0 w/manual provisioning SAML 2.0 w/SCIM provisioning Create user/group O X X Provisioning only X Remove user/group O (Delete user) X X Provisioning only Provisioning only Reset user passwords O N/A N/A Identity Provider Identity Provider Where to configure MFA AWS SSO AWS SSO or AWS Managed AD AWS SSO or AD Connector Identity Provider Identity Provider Provisioning AWS SSO Console Just In Time Just In Time AWS SSO Console Identity Provider Switch to AD Deletes users, groups, entitlements Deletes users, groups, entitlements Deletes users, groups, entitlements Deletes users, groups, entitlements Deletes users, groups, entitlements Switch to IdP Preserves entitlements for matching users Deletes users, groups, entitlements Deletes users, groups, entitlements Preserves entitlements for matching users Preserves entitlements for matching users Switch to AWS SSO N/A Deletes users, groups, entitlements Deletes users, groups, entitlements Preserves entitlements, password reset? Preserves entitlements, password reset? Session duration AWS SSO permission set session duration AWS SSO permission set session duration AWS SSO permission set session duration Lesser of IdP session or AWS SSO permission set session duration Lesser of IdP session or AWS SSO permission set session duration
- 19. - a o • v r I Oc r • p L C i D ) Lf ) r • r / , i y z S F • d ) r Oc e • tm S / ,d ) y r Cs ( M F • W f , v C k f u • , a l r F • https://docs.aws.amazon.com/singlesignon/latest/userguide/limits.html
- 20. x • h • D D A A A D : D : A • t g D A D D A A A C D : D : A D D C: D • n U • ( : : / / ou v • ( : : / / / G CD C ACI • ( : : / ( C ( v • a ( / m O e W p l • ( : : A y )-, p
- 21. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ) !