Amazon Web Services (AWS) Connector
IMPORTANT: You must purchase Cloud Access Management to enable Cloud Governance features. Contact your SailPoint CSM to request access.
Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. The SailPoint Amazon Web Services (AWS) Connector can be used to manage all the AWS Accounts in your organization or a subset of AWS Accounts. IdentityIQ for Amazon Web Services manages the AWS Organizations entities such as Service Control Policies, Organization Units and AWS Accounts. It also manages the IAM (Identity and Access Management) entities such as Users, Groups, Roles, Inline policies, Managed policies (AWS and Customer managed) under each AWS Account.
Support Level: SailPoint Delivered
Connectors developed by SailPoint's Engineering team and supported under annual SailPoint support and maintenance. Reach out to SailPoint support for assistance.
Supported Use Cases
- Full Account Aggregation
- Single Account Aggregation
- Full Entitlement Aggregation
- Full Group Aggregation
- Single Group Aggregation
- Create Account Provisioning
- Update Account Provisioning
- Delete Account Provisioning
- Create Group Provisioning*
- Update Group Provisioning*
- Delete Group Provisioning*
- Enable / Disable Account Provisioning
- Unlock Account Provisioning
- Change Account Password
- Add Entitlement(s)
- Remove Entitlement(s)
*This feature is currently supported only with the IdentityIQ platform.
Does the IdentityIQ AWS connector support adding Tags to the AWS IAM User Account profile as part of the account provisioning process?
Does the IdentityIQ AWS connector also manage AWS Single Sign-On (SSO)?
I was wondering the same, does the IdentityIQ AWS connector also manage AWS Single Sign-On (SSO)?
@vonschwc The AWS connector currently only manages AWS IAM and Organisation entities. You can try to use the Web-service or SCIM connector for AWS SSO.
Currently this connector does not support federated Active Directory Security Group/Role to connect to AWS IAM Accounts, I believe the product manager mentioned this should be implemented in 8.3p1.
I have configured IdentityNow using the Amazon Web Services (AWS) Connector and am now able to report on IAM Users. However I also have some AWS SSO users and am not able to report on these SSO users. Does the Amazon Web Services (AWS) Connector also manage AWS Single Sign-On (AWS SSO) users?
AWS has released a new API recently. Should we use the generic Webservice connector for that?
Announcing new AWS IAM Identity Center (successor to AWS SSO) APIs to manage users and groups at sca...
Is there a SailPoint integration with AWS IAM Identity Center (Successor to AWS Single Sign-On)?