Identity Federation

  • SAML 2.0 - An open federation standard that allows an identity provider (IdP) to authenticate users and pass identity and security information about them to a service provider (SP). Users authenticate with the IdP once using a single set of credentials, and then get access to multiple applications and services without additional sign-ins.

  • Active Directory Federation Services (AD FS) - AD FS authenticates the user against Active Directory and issues a SAML assertion; the application exchanges that assertion for temporary AWS credentials by calling STS AssumeRoleWithSAML.

  • Custom Identity Broker - Write code that creates a URL letting users who have signed in to your organization's network securely access the AWS Management Console. Used when your identity store is not compatible with SAML 2.0.

  • Web Identity Federation - Users of your app can sign in using a well-known external identity provider (IdP), such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP.

  • Cognito - Amazon Cognito is the preferred way to implement web identity federation for web and mobile apps.
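As an added example (not code from the original page), the two URL-building steps of the custom identity broker described above, in Python: the broker first exchanges temporary credentials for a sign-in token at the AWS federation endpoint, then hands the user a console login URL. The credentials here are constructed placeholders; a real broker obtains them server-side from STS (AssumeRole or GetFederationToken), and the first URL contains the secret key, so it is only ever called from the broker over TLS, never sent to the browser.

```python
import json
from urllib.parse import urlencode, quote
from urllib.request import urlopen

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"


def build_signin_token_url(access_key_id, secret_access_key, session_token,
                           session_duration=None):
    """Step 1: URL the broker calls (server side) to get a sign-in token.
    The Session parameter is URL-encoded JSON holding the temporary
    credentials, including the secret key, so this URL must stay on the
    broker. SessionDuration (seconds) optionally sets the console session
    length."""
    session = {"sessionId": access_key_id,
               "sessionKey": secret_access_key,
               "sessionToken": session_token}
    params = {"Action": "getSigninToken",
              "Session": json.dumps(session, separators=(",", ":"))}
    if session_duration is not None:
        params["SessionDuration"] = str(session_duration)
    return FEDERATION_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def fetch_signin_token(url):
    """Calls the federation endpoint; the JSON reply carries 'SigninToken'.
    Network call, so not exercised offline."""
    with urlopen(url) as resp:
        return json.loads(resp.read())["SigninToken"]


def build_console_login_url(signin_token, issuer,
                            destination="https://console.aws.amazon.com/"):
    """Step 2: URL the user is redirected to. Issuer is your own sign-in
    page (the console sends users back there when the session expires)."""
    params = {"Action": "login", "Issuer": issuer,
              "Destination": destination, "SigninToken": signin_token}
    return FEDERATION_ENDPOINT + "?" + urlencode(params, quote_via=quote)


if __name__ == "__main__":
    # Constructed placeholder credentials, not real STS output.
    step1 = build_signin_token_url("ASIAEXAMPLEKEYID", "EXAMPLESECRET",
                                   "EXAMPLESESSIONTOKEN", session_duration=3600)
    print(step1)
    # token = fetch_signin_token(step1)   # real broker: call STS first, then this
    print(build_console_login_url("EXAMPLESIGNINTOKEN",
                                  issuer="https://broker.example.com/login"))
```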
