The Un-documented Way to Setup AWS SSO with Okta

In this article I would like to share an un-documented way of setting up AWS SSO using Okta. In case you don't know what Okta is: it is one of the popular identity management solutions on the market. It provides Identity as a Service through its web portal and APIs. There is a detailed document provided by Okta that walks through the steps of setting up SAML SSO between your AWS accounts and Okta. So why don't we follow that?

Well, the solution suggested by the official document requires a privileged USER account to be set up in your Master AWS Account. That account is then configured to be able to assume roles in all your other accounts. In other words, if this one account is compromised, every AWS account in your organization is exposed to a potential security breach.

Ok, what's the better way then? I actually talked about this in one of my old posts, Setup SSO Access to AWS Console with Azure AD. Like the Azure AD solution, we will map user groups to different AWS Roles. With
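To make the contrast concrete, here is an added example (not code from the post or from Okta) of the group-to-role model: each account's role trusts only that account's own SAML provider, and a user receives exactly the roles that the groups she belongs to are mapped to. The account IDs, role names, group names and the provider name `Okta` are placeholders I chose for illustration.

```python
"""Group-to-role SAML federation helpers (constructed example).

No single IAM user holds sts:AssumeRole into every account; instead each role's
trust policy names that account's own SAML provider, and role assignment is
derived from group membership. All IDs and names below are placeholders."""
import json

SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"   # AWS sign-in SAML audience
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"  # SAML attribute AWS reads

# Constructed mapping: identity-provider group -> (account id, role name).
GROUP_TO_ROLE = {
    "aws-prod-readonly": ("111111111111", "OktaReadOnly"),
    "aws-prod-admin": ("111111111111", "OktaAdmin"),
    "aws-dev-admin": ("222222222222", "OktaAdmin"),
}

def provider_arn(account_id, provider_name="Okta"):
    return f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"

def role_arn(account_id, role_name):
    return f"arn:aws:iam::{account_id}:role/{role_name}"

def saml_trust_policy(account_id, provider_name="Okta"):
    """Trust policy for a role that can only be assumed via SAML through this
    account's own provider; no IAM user from another account is trusted."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn(account_id, provider_name)},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }

def role_attribute_values(user_groups, mapping=GROUP_TO_ROLE, provider_name="Okta"):
    """Values of the SAML Role attribute for one user: a 'role_arn,provider_arn'
    pair per mapped group. Unmapped groups grant nothing, so the blast radius of
    a compromised user is limited to the roles her groups map to."""
    values = []
    for group in sorted(user_groups):
        if group in mapping:
            account_id, role_name = mapping[group]
            values.append(f"{role_arn(account_id, role_name)},"
                          f"{provider_arn(account_id, provider_name)}")
    return values

if __name__ == "__main__":
    print(json.dumps(saml_trust_policy("111111111111"), indent=2))
    print(role_attribute_values({"aws-prod-readonly", "aws-dev-admin", "everyone"}))
```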