Updated Nov. 12, 10:54 am (MST)
Amazon... It's not just the place my wife sends half my paycheck. Amazon Web Services has become one of the largest cloud providers out there, and many enterprises large and small are leveraging the AWS platform to expand or even replace their datacenter. But as the customer use cases for AWS expand, so do the user and identity management challenges.
The good news is that Amazon provides an extensive set of APIs to programmatically manage the AWS infrastructure. The bad news is that, as of today, Amazon doesn't support standards-based approaches for single sign-on via SAML or OAuth, or for user management via the System for Cross-Domain Identity Management (SCIM). (Editor's note: A week after this story was originally published, Amazon announced support for SAML 2.0.)
That's where our team comes in.
We build and maintain the Integration Kits, Cloud Identity Connectors, Token Translators, and SaaS Connectors that allow Ping to bridge the gap between disparate on-premises and cloud-based systems.
We've worked hard to learn the AWS ecosystem and build integrations based on the requests coming in from our prospects and customers. We're just wrapping up the first release of our new AWS SaaS Connector. It's in the hands of some early adopters now, and we're incorporating their feedback so we can make it broadly available in the next few weeks.
Our SaaS Connector for Amazon Web Services supports two different models for user single sign-on -- Federated and IAM.
Amazon describes a "Federated" user as an external user who gets an anonymous mapping to a specific AWS role, which typically provides limited access into the AWS system.
An IAM user is a named user in the AWS system with a defined set of rights and could have multiple roles and access keys. Our connector automates sign-on into the AWS system as either a Federated or IAM user and retrieves the appropriate access key based on the requested role.
We also leverage the AWS Provisioning APIs to provide automated, policy-based AWS user account creation, update, and deletion from PingOne or PingFederate. This integration helps you keep on-premises and cloud-based user stores up to date and consistent. Provisioning allows new users to get the access they need without cumbersome manual account creation, and de-provisioning ensures that access is revoked immediately when a role changes or a user leaves the organization, eliminating a major security risk.
We're excited to provide this new capability for our customers. We've added more resources to our integration team so we can build more new integrations and enhance the ones we already have. Let us know if you have any feedback on our new AWS SaaS Connector or any of our other connectors, and which new systems you would like to see us integrate with in the future.