AWS-SSO-SYNC
Overview
On Demand SCIM provisioning of Azure AD to AWS SSO with PowerShell
- This repo is based on the steps outlined in this article, updated July 2021.
Getting Started
Prerequisites
Configure AWS Single Sign-On with the steps outlined in this article
App Registration
Create
- Navigate to Azure Active Directory
- Open the App Registrations blade
- Choose New Registration
- Name: [Example: AWS]
- All other options remain default
- Choose Register
- Open the Certificates & secrets blade
- Choose New client secret
- Choose Add
- Copy the Value shown within Client Secrets
Configure
- Navigate to Azure Active Directory
- Open the App Registrations blade
- Choose the app created in the previous task
- Open the API Permissions blade
- Choose Add a permission
- Choose Microsoft Graph
- Choose Application permissions
- Scroll down to Application and expand
- Choose Application.ReadWrite.OwnedBy
- Choose Add permissions
- Choose Grant admin consent for [Tenant Name]
Enterprise Application
- Navigate to Azure Active Directory
- Choose Enterprise applications blade
- Choose the app created in the previous task
- Choose Users and groups blade
- Choose Add user
- Choose Users
- Choose the service account created in the previous task
- Choose Assign
Inputs
Gather the following properties for input into the PowerShell script
- Navigate to Azure Active Directory
- Choose App Registrations blade
- Choose the app created in the previous task
- Copy the following values:
  - Tenant Id
  - Application Name
  - Application Id
  - Client Secret
Note: When copying and pasting in Windows, choose the PowerShell icon, then Edit > Paste.
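The following PowerShell is an added example of how the four inputs gathered above are typically consumed; it is not the script shipped in this repository. It acquires a Microsoft Graph token with the client-credentials grant, looks up the enterprise application's service principal by its display name, reads the provisioning (synchronization) job and its rule id, and requests on-demand provisioning of one user. The environment variable name AWS_SSO_SYNC_CLIENT_SECRET and the user object id parameter are assumptions introduced here; the Graph endpoints used (token endpoint, servicePrincipals, synchronization/jobs, schema, provisionOnDemand) are the documented ones. The client secret is read from the environment or a secure prompt rather than placed on the command line, so it does not land in shell history.

```powershell
# Added example, not the repository's own script.
# Assumes: the app registration holds Application.ReadWrite.OwnedBy and owns the
# AWS SSO enterprise application; $UserObjectId is an Azure AD user id you supply.
param(
    [Parameter(Mandatory)] [string] $TenantId,
    [Parameter(Mandatory)] [string] $ApplicationId,
    [Parameter(Mandatory)] [string] $ApplicationName,   # display name of the enterprise app
    [Parameter(Mandatory)] [string] $UserObjectId        # Azure AD user to provision
)

# Take the client secret from an environment variable (name is an assumption
# made here) or a secure prompt; never hard-code it or pass it as an argument.
$secret = $env:AWS_SSO_SYNC_CLIENT_SECRET
if (-not $secret) {
    $secure = Read-Host -Prompt 'Client Secret' -AsSecureString
    $secret = [System.Net.NetworkCredential]::new('', $secure).Password
}

# Client-credentials grant: application permissions, no signed-in user.
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        client_id     = $ApplicationId
        client_secret = $secret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
$headers = @{ Authorization = "Bearer $($tokenResponse.access_token)" }
$graph   = 'https://graph.microsoft.com/v1.0'

# Resolve the enterprise application's service principal by display name.
# Single quotes in the name are doubled so the OData filter stays well-formed.
$filter = "displayName eq '$($ApplicationName.Replace("'", "''"))'"
$sp = (Invoke-RestMethod -Headers $headers `
    -Uri "$graph/servicePrincipals?`$filter=$([uri]::EscapeDataString($filter))").value
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$ApplicationName', found $($sp.Count)."
}
$spId = $sp[0].id

# The SCIM provisioning configuration is exposed as a synchronization job.
$job = (Invoke-RestMethod -Headers $headers `
    -Uri "$graph/servicePrincipals/$spId/synchronization/jobs").value | Select-Object -First 1
if (-not $job) {
    throw "No provisioning (synchronization) job is configured on '$ApplicationName'."
}

# The rule id needed for on-demand provisioning lives in the job's schema.
$schema = Invoke-RestMethod -Headers $headers `
    -Uri "$graph/servicePrincipals/$spId/synchronization/jobs/$($job.id)/schema"
$ruleId = $schema.synchronizationRules[0].id

# Provision a single user now instead of waiting for the scheduled cycle.
$body = @{
    parameters = @(@{
        ruleId   = $ruleId
        subjects = @(@{ objectId = $UserObjectId; objectTypeName = 'User' })
    })
} | ConvertTo-Json -Depth 5
$result = Invoke-RestMethod -Method Post -Headers $headers -ContentType 'application/json' `
    -Uri "$graph/servicePrincipals/$spId/synchronization/jobs/$($job.id)/provisionOnDemand" `
    -Body $body

# The response reports, per subject, whether provisioning succeeded and what was sent.
$result
```

Run it as `.\Provision-OnDemand.ps1 -TenantId <tenant id> -ApplicationId <application id> -ApplicationName AWS -UserObjectId <user object id>` (script name chosen here for illustration) after setting AWS_SSO_SYNC_CLIENT_SECRET in the session. Because the app only holds Application.ReadWrite.OwnedBy, the calls fail with 403 unless the registration is an owner of the AWS enterprise application, which is the least-privilege arrangement the permission steps above set up.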
License
This library is licensed under the MIT-0 License. See the LICENSE file.