Configure Single Sign-On in AWS for CloudCheckr CMx

In this topic, you will learn how to set up Single Sign-On (SSO) for your AWS account in CloudCheckr CMx by configuring:

  • AWS (the Identity Provider or IdP)
  • CloudCheckr CMx (the Service Provider or SP)

Procedure

  1. Log in to the AWS Management Console.

    The AWS services page opens.

  2. In the Find Services text field, type AWS SSO.

    The AWS Single Sign-On Console opens.

  3. From the Dashboard, click Applications.

    The Applications screen opens.

  4. Click Add a new application.

    The AWS SSO Application Catalog opens.

  5. Click Add a custom SAML 2.0 application.
  6. In the Details section:
    1. Type CloudCheckr CMx in the Display name field.
    2. Type Cloud Management Platform in the Description field.
  7. Scroll down to the AWS SSO metadata section.
  8. Click Download to download the AWS SSO SAML metadata file and send it to Support.
  9. Scroll down to Application properties.
  10. For Session duration, select Custom duration and select 900 seconds.
  11. Scroll down to Application metadata.
  12. Click the link, If you don't have a metadata file, you can manually type your metadata values.
  13. Choose the Application ACS URL and Application SAML Audience that match the AWS region you use to access CloudCheckr:

    Region  Application ACS URL                                   Application SAML Audience
    US      https://auth-us.cloudcheckr.com/auth/sso/saml2/Acs    https://auth-us.cloudcheckr.com/auth
    EU      https://auth-eu.cloudcheckr.com/auth/sso/saml2/Acs    https://auth-eu.cloudcheckr.com/auth
    AU      https://auth-au.cloudcheckr.com/auth/sso/saml2/Acs    https://auth-au.cloudcheckr.com/auth
    GOV     https://auth-gov.cloudcheckr.com/auth/sso/saml2/Acs   https://auth-gov.cloudcheckr.com/auth

  14. Type the values you just selected into the appropriate fields.
  15. Click Save Changes.

    AWS displays details about your CloudCheckr CMx application configuration.

  16. Click Attribute Mappings.
  17. Perform the following actions in this tab:
    1. For the Subject User attribute, type ${user:email} and leave the format as emailAddress.
    2. Click Add new attribute mapping.
    3. For the name attribute, type ${user:email} and leave the format as unspecified.
  18. Click Assigned users.
  19. Click Assign users and select the users from your directory who should have access to CloudCheckr CMx.
  20. Once Support has added your metadata to your account, select CloudCheckr CMx from your AWS apps list to log in.
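
To confirm the configuration once the procedure is complete, the following added example (not CloudCheckr or AWS code) compares a decoded SAML assertion with the values from steps 13 and 17 and flags an ACS URL and Audience taken from different regions. The sample assertion is constructed, and the assumption is that the mapping from step 17 is emitted as an attribute with Name="name".

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Step 13 table: region -> (Application ACS URL, Application SAML Audience)
REGIONS = {r: (f"https://auth-{r}.cloudcheckr.com/auth/sso/saml2/Acs",
               f"https://auth-{r}.cloudcheckr.com/auth")
           for r in ("us", "eu", "au", "gov")}

def check_assertion(xml_text, region):
    """List mismatches between a decoded assertion and the values in steps 13 and 17.
    Compares field values only; it does not verify the XML signature."""
    acs_url, audience = REGIONS[region]
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Subject NameID format is not emailAddress")
    data = root.find(".//saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != acs_url:
        problems.append(f"Recipient is not the {region.upper()} Application ACS URL")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audiences != [audience]:
        problems.append(f"Audience is not the {region.upper()} Application SAML Audience")
    # Assumption: the step 17 mapping appears as an attribute with Name="name".
    names = [v.text for v in root.iterfind(
        ".//saml:Attribute[@Name='name']/saml:AttributeValue", NS)]
    if name_id is None or names != [name_id.text]:
        problems.append("'name' attribute is missing or differs from the Subject email")
    return problems

def sample_assertion(recipient, audience, name_value="jane@example.com"):
    """Constructed assertion for the demo (not captured from AWS or CloudCheckr)."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">jane@example.com</saml:NameID>
    <saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{recipient}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="name">
    <saml:AttributeValue>{name_value}</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    us_acs, us_aud = REGIONS["us"]
    print(check_assertion(sample_assertion(us_acs, us_aud), "us"))            # no mismatches
    print(check_assertion(sample_assertion(us_acs, REGIONS["eu"][1]), "us"))  # mixed regions
```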
