The latest articles on DEV Community by Abdul Rehman (@abdrehman98). https://dev.to/abdrehman98 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F993048%2F7b7083ea-694d-4d25-8f20-65e2b623b720.jpeg https://dev.to/abdrehman98 en Abdul Rehman Sat, 21 Jan 2023 21:50:51 +0000 https://dev.to/abdrehman98/how-to-setup-aws-iam-identity-center-with-aws-managed-microsoft-ad-2ij3 https://dev.to/abdrehman98/how-to-setup-aws-iam-identity-center-with-aws-managed-microsoft-ad-2ij3 <p>This is a second article in series on Outsource your Authentication and Authorization to AWS IAM Identity Center.</p> <p>In this article we will be configuring the AWS Managed Microsoft AD as an identity source for AWS IAM Identity Center(successor to AWS Single Sign-On).</p> <h3> Prerequisites </h3> <ul> <li>AWS Managed Microsoft AD, <a href="https://dev.to/abdrehman98/how-to-setup-aws-managed-microsoft-active-directory-l84">you can follow the previous article in series</a> </li> <li>AWS Organization should be already setup, it can be done in few clicks if any of you want a article on that feel free to leave a comment</li> <li>Basic understanding of what are Single Sign-On Systems</li> </ul> <p>I will be using N. Virginia(us-east-1) region throughout the series. To setup AWS IAM Identity Center with AWS Managed Microsoft AD follow the following steps:</p> <ol> <li>On your AWS Console search for Identity and click on IAM Identity Center <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsugzbigv1g4svv95dogr.png" alt="IAM Identity Center" width="800" height="357"> </li> <li>Then enable and wait for few seconds <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiooqy43lovzlcivc1999.png" alt="Enable IAM Identity Center" width="295" height="255"> </li> <li>Now lets configure previously created Managed AD as our identity provider(IdP). For that click on Choose your identity source <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi4m3urih2b6a1zgrc5lj.png" alt="Configure IdP" width="800" height="147"> </li> <li>Then under Identity Source select Action and click on Change identity source <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyv0o11r3fixhn6yp0jd0.png" alt="Change identity source" width="800" height="202"> </li> <li>Then select Active Directory and Click Next <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk7bjlc2jkbw8of1psvms.png" alt="Select Active Directory" width="800" height="393"> </li> <li>Then under Existing Directories select the AD we created previously and click Next <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffgonphz5fqzo4hrugi63.png" alt="Select the AD" width="800" height="318"> </li> <li>Now review all the consequences and type ACCEPT in confirmation box and click Change identity source <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxbix3ij2ezamp57rb7pw.png" alt="Review idp" width="800" height="717"> </li> <li>Then wait for few seconds for changes to get applied and then you will be returned to Setting screen. Now click on Resume Sync <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9vb0fsgutihu7kk0dvm3.png" alt="Resume Sync" width="800" height="226"> </li> <li>Now we need Configure attribute mappings from AD to IAM Identity Center. AWS have recommended one we will go with them to configure at top of setting page click on Start guided setup <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feualswalmkf8zgbvg2fy.png" alt="Configure attribute mappings" width="800" height="81"> </li> <li>For now we don't need to modify the attribute mapping just click Next to configure it <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyx7rdvz59fiw88ihtt9y.png" alt="Configure attribute mappings" width="800" height="788"> </li> <li>Currently our AD have one user(Admin) and zero groups we will import Admin User searching Admin in search box then click Add and then select user and click next <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbh7bym6b13iroavcnbfv.png" alt="Import Admin User" width="800" height="555"> </li> <li>Then click on Save configuration <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz06y1uarbmqrk1fa7gy4.png" alt="Save configuration" width="800" height="253"> </li> </ol> <p>That is it we have done all the required things to setup AWS IAM Identity Center with AWS Managed Microsoft AD.</p> <h3> Optional Step </h3> <p>Customize our access Portal URL.</p> <ol> <li>On your dashboard page. Click Customize in Setting Summary <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F08ayz1pgyvi7h4gb9n8y.png" alt="Customize URL" width="518" height="327"> </li> <li>Then access portal to your liking and click Save <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn1jpwl376l1tyr2591zj.png" alt="Image description" width="611" height="407"> </li> </ol> <h3> Lets Test our AWS Access Portal </h3> <ol> <li><p>Copy the access Portal URL from Setting Summary<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr64f753bd3amda9yora1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr64f753bd3amda9yora1.png" alt="Access Portal URL" width="519" height="287"></a></p></li> <li><p>Access Portal using the URL you just copied. And login using Active Directory Admin Username and Password. If everything has been configured correctly you should see a Portal without any apps because we haven't configured any yet</p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fflrcvr46tefv1kfxid7b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fflrcvr46tefv1kfxid7b.png" alt="Empty Access Portal" width="800" height="627"></a></p> gratitude community Abdul Rehman Sat, 21 Jan 2023 20:51:01 +0000 https://dev.to/abdrehman98/how-to-setup-aws-managed-microsoft-active-directory-l84 https://dev.to/abdrehman98/how-to-setup-aws-managed-microsoft-active-directory-l84 <p>This is my first post in series on Outsource your Authentication and Authorization to AWS IAM Identity Center. And we will be using Microsoft Active Directory as our Identity Source. </p> <h3> Prerequisites </h3> <ul> <li>AWS Account</li> </ul> <p>I will be using N. Virginia(us-east-1) region throughout the series. To launch AWS Managed Microsoft Active Directory follow the following steps:</p> <ol> <li><p>On your AWS Console search for Directory and click on Directory Service<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--9eQOOzP9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/k01sxkb2osptjzd011zt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--9eQOOzP9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/k01sxkb2osptjzd011zt.png" alt="Searching Directory Service" width="880" height="328"></a></p></li> <li><p>Then choose Set up directory<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--s8CsxYq---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pxlhy262ggsyewto2smt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--s8CsxYq---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/pxlhy262ggsyewto2smt.png" alt="Set up directory" width="880" height="253"></a></p></li> <li><p>Then choose AWS Managed Microsoft AD, and then click Next<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1BPUFRVH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xwrm6r1i2ncp0hkxhmk0.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1BPUFRVH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/xwrm6r1i2ncp0hkxhmk0.png" alt="Select directory type" width="880" height="449"></a></p></li> <li><p>Then select Standard Edition, configure Directory DNS name it does not need to be publicly resolvable and set Admin password and click next<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--pi7u4xTM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8o4pb9hxs81ohqocyph2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--pi7u4xTM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8o4pb9hxs81ohqocyph2.png" alt="Enter directory information" width="686" height="878"></a></p></li> <li><p>Now select the VPC and subnets in which you want you Directories Domain Controllers to be deployed in and click Next<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--S0riZBG---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zipq90uya2o47xi2eg15.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--S0riZBG---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zipq90uya2o47xi2eg15.png" alt="Choose VPC and subnets" width="880" height="497"></a></p></li> <li><p>On Review &amp; create page review everything and click Create directory and go for a Coffee break.</p></li> </ol> <p>That's it your AWS Managed Active Directory is now deployed.</p> <h3> Optional Steps </h3> <p>If you are following my series then you will eventually need a EC2 Instance to manage Users/Groups in your AD</p> <ol> <li><p><a href="https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html">Follow this AWS article to launch a Windows EC2 Instance and join our recently launched AWS Managed AD.</a></p></li> <li><p>Once Instance is launched then connect to it using our Active Directory Admin Username and Password and <a href="https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_install_ad_tools.html">Install AD Tools using this article.</a></p></li> </ol> aws