Configuring provisioning for AWS IAM Identity Center

Provision users from IBM® Verify to AWS IAM Identity Center.

Before you begin

  • You must have an AWS IAM Identity Center account with administrator access.
  • The AWS IAM Identity Center must be set up with the "All features enabled" flag set.
  • The AWS IAM Identity Center service is enabled and configured to use a Verify tenant as the external identity source.

About this task

Provisioning provides the following features:
Create new users
New users that are created through Verify are also created in the AWS Single Sign On application.
Delete users
Deactivating the user or disabling the user's access to the application through Verify deletes the user in the AWS IAM Identity Center application.
Modify user profile
Updates that are made to the user's profile through Verify are pushed to the third-party application.
User suspend and restore
Suspending a user through Verify deactivates the user and restoring the user through Verify activates the user in the AWS IAM Identity Center application.
User synchronization and remediation
The AWS IAM Identity Center application supports user synchronization, remediation, and group synchronization features.
Fine-grained entitlement
Only groups are supported for fine-grained entitlement for the AWS IAM Identity Center.

Procedure

  1. Log in as an administrator user to your AWS Management Console by using the following URL.
    https://console.aws.amazon.com/console/home
  2. Enter AWS IAM Identity Center in the Find Services search box.
  3. Click AWS IAM Identity Center from the search results to navigate to the AWS IAM Identity Center.
  4. On the Welcome to AWS Identity Center page, navigate to Settings.
  5. Follow the instructions on the Sign-on tab to set your Verify tenant as the external identity provider for AWS.
  6. Click Enable automatic provisioning next to Provisioning to enable SCIM provisioning for AWS users.
  7. Copy the value of SCIM endpoint that is displayed on the pop-up window.
    You need this value to configure user provisioning in Verify.
  8. Click Show token and copy the value of the Access token.
    You need this value to configure user provisioning in Verify.
  9. In the navigation bar on the upper right, choose your username, and then choose Security Credentials.
  10. Click the Access keys (access key ID and secret access key) section, and then click the Create New Access Key button.
  11. Click Show Access Key in the pop-up window and copy the values of Access Key ID and Secret Access Key.
  12. The following parameters are required to configure user provisioning in Verify:
    1. SCIM base URL
      Provide the value of your AWS SCIM endpoint.
    2. Bearer token
      Provide the value of your AWS Access token.
    3. Access Key ID
      Provide the Access Key ID of an AWS IAM user that has admin access.
    4. Secret Access Key
      Provide the Secret Access Key of an AWS IAM user that has admin access.
    5. Identity Store ID
      Provide the value of your AWS Identity Store ID.
    6. Region
      Provide the value of your AWS Region.
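
The following pre-flight check for the six parameters in step 12 is an added example, not part of the IBM or AWS documentation. The value formats it tests (a SCIM host of the form scim.<region>.amazonaws.com, a path ending in /scim/v2, an Identity Store ID of d- plus 10 hexadecimal characters, access key IDs starting with AKIA), the function name, and the dictionary keys are assumptions; the sample values are constructed.

```python
import re
from urllib.parse import urlparse

# Assumed value formats (not stated on the page); adjust if your tenant differs.
SCIM_HOST = re.compile(r"scim\.([a-z0-9-]+)\.amazonaws\.com")
STORE_ID = re.compile(r"d-[0-9a-f]{10}")
KEY_ID = re.compile(r"AKIA[A-Z0-9]{16}")
REQUIRED = ("scim_base_url", "bearer_token", "access_key_id",
            "secret_access_key", "identity_store_id", "region")

def check_provisioning_params(p):
    """Return a list of problems found in the six Verify provisioning parameters."""
    problems = []
    # Values copied from a console pop-up often carry stray whitespace or are missing.
    for name in REQUIRED:
        value = p.get(name, "")
        if not value or value != value.strip():
            problems.append(f"{name}: missing, empty, or has surrounding whitespace")
    url = urlparse(p.get("scim_base_url", "").strip())
    # The bearer token is sent on every SCIM request, so the endpoint must be TLS.
    if url.scheme != "https":
        problems.append("scim_base_url: scheme is not https")
    host = SCIM_HOST.fullmatch(url.hostname or "")
    if not host:
        problems.append("scim_base_url: host is not scim.<region>.amazonaws.com")
    elif host.group(1) != p.get("region", "").strip():
        problems.append("region: does not match the region in scim_base_url")
    if not url.path.rstrip("/").endswith("/scim/v2"):
        problems.append("scim_base_url: path does not end in /scim/v2")
    if not STORE_ID.fullmatch(p.get("identity_store_id", "")):
        problems.append("identity_store_id: expected d- followed by 10 hex characters")
    if not KEY_ID.fullmatch(p.get("access_key_id", "")):
        problems.append("access_key_id: expected a 20-character ID starting with AKIA")
    return problems

# Constructed sample values; none of these are real credentials.
SAMPLE = {
    "scim_base_url": "https://scim.us-east-1.amazonaws.com/constructed-tenant-id/scim/v2/",
    "bearer_token": "constructed-token",
    "access_key_id": "AKIAEXAMPLEEXAMPLE00",
    "secret_access_key": "constructed-secret-value",
    "identity_store_id": "d-0123456789",
    "region": "us-east-1",
}

if __name__ == "__main__":
    # Only parameter names are reported, never the secret values themselves.
    for problem in check_provisioning_params(SAMPLE) or ["all parameters look consistent"]:
        print(problem)
```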