AWS SCIM Automatic Provisioning and Deprovisioning
AWS SCIM Automatic Provisioning allows to create account in a simplified and automated way to link AWS user's account to their existing or new third party apps. AWS SCIM Provisioning automates user provisioning with their identities across the applications where users need access to. Enable automatic provisioning in Amazon Web Services (AWS) Identity center for users using Active Directory credentials.
Automated User Provisioning saves time when setting up new users and teams, and also manages access privileges through user lifecycle managemnet. miniOrange can create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores.
AWS SCIM User provisioning and deprovisioning actions are bi-directional, so you can create accounts inside an external application and import them into miniOrange, or alternatively create the accounts in miniOrange and then push them out to any linked external applications.
AWS SCIM automatic Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. Deprovisioning action is triggered when an employee leaves a company or changes roles within the organization. The deprovisioning features increase your organization's security profile by removing access to sensitive applications and content from people who leave your organization.
Automatic Provisioning & Deprovisioning Scenarios for Amazon Web Services (AWS) Identity center
miniOrange provides Provisioning solutions for all scenarios of user management (provisioning), which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as AWS SCIM, Google Workspace, Workday, Salesforce, Microsoft apps, etc.
Follow the Step-by-Step Guide given below to setup Automated AWS SCIM Provisioning
1. Setup Provisioning for AWS SCIM
- Open the AWS SSO Console.
- Choose Settings in the left navigation pane.
- On the Settings page, under Identity source, next to Provisioning, choose Enable automatic provisioning. This immediately enables automatic provisioning in AWS SSO and displays the necessary endpoint and access token information.
- In the Inbound automatic provisioning dialog box, copy each of the values for the following options. You will need to paste these in later when you configure provisioning in your IdP.
a. SCIM endpoint
b. Access Token
- Choose Close.
2. Add SCIM Configuration for AWS application in miniOrange
- If you are using any external IDP and just want to enable provisioning through us:
- Go to Apps >> Provisioning >> Create a SCIM 2.0 App for AWS.
- If you want to enable SAML authentication + SCIM both:
- Go to Apps >> SAML >> AWS.
- In the Provisioning section, enter the SCIM Base URL and Bearer Token that you got in this step.
3. Add Attribute Mapping
- Now in the Add Attribute Mapping, choose the required Target Attributes with their specific miniOrange Attributes. You can select either Default User Profile Attribute or Custom User Profile Attribute.
Note: The givenName, familyName, userName, and displayName and email fields are required.
- In Enable Provisioning Features, you can enable any feature below.
- Click on Save button.
4. Create Group
- Go to Groups > Create Group. Enter the Group Name and click on Create Group button and the group will be created.
5. Add Policy
- In the Policies section, navigate to Add Policy tab.
- In Select Application section, select the application you have created in step2.
- In Configure Settings section, select the group you have created in step4 and enter the policy name with the required login method.
- Click on Save button.
6. Add Users
- Go to Users > Add User.
- Enter the Users Details and the user will be created.
7. Assign Users
- Go to Groups.
- Assign the users to the Group you have created in step4.
External References