
Tuesday, 23 August 2016

AWS: Enabling Federation With ADFS

We followed the guide in the AWS Security Blog post below:
https://blogs.aws.amazon.com/security/post/Tx71TWXXJ3UI14/Enabling-Federation-to-AWS-using-Windows-Active-Directory-ADFS-and-SAML-2-0
This guide allowed us to set up federation using ADFS 3.0. The one thing to note, which does not appear to be in the blog post, is that the Active Directory security groups you create (the ones whose names start with AWS-) must have a Group Scope of Global or Universal. Federation will not work if the group has been created as Domain Local.

If you have already created the group as Domain Local, you can change this without recreating the security group. Simply set the Group Scope to "Universal" first; once the group is Universal, the "Global" option becomes selectable again.

Nested groups are also accepted when granting access, so you do not need to add every user to the AWS- groups individually.
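The scope check and the two-step scope change described above, as an added PowerShell example that is not part of the original post. It assumes the RSAT ActiveDirectory module is available and that your AWS role groups follow the AWS- naming convention from the guide.

```powershell
# Added example: audit every AD security group named AWS-* and, with -Fix,
# convert any Domain Local group to a scope the federation setup accepts.
# Assumes the RSAT ActiveDirectory module (Get-ADGroup / Set-ADGroup).
param(
    [switch]$Fix,
    # Either Universal or Global works for the AWS claim rules; Global is the
    # default here to match the GUI path described in the post.
    [ValidateSet('Universal', 'Global')]
    [string]$TargetScope = 'Global'
)

Import-Module ActiveDirectory

# Only security groups can be used for role mapping, so skip distribution groups.
$awsGroups = Get-ADGroup -Filter 'Name -like "AWS-*" -and GroupCategory -eq "Security"'

foreach ($g in $awsGroups) {
    if ($g.GroupScope -ne 'DomainLocal') {
        Write-Host ("OK      {0,-40} {1}" -f $g.Name, $g.GroupScope)
        continue
    }

    Write-Warning ("{0} is Domain Local and will not work for AWS federation" -f $g.Name)
    if (-not $Fix) { continue }

    # AD refuses a direct Domain Local -> Global change, so go via Universal,
    # which is exactly the two clicks the post describes in the GUI.
    # (Domain Local -> Universal fails if the group is itself a member of
    #  another Domain Local group; Universal -> Global fails if the group
    #  contains Universal groups as members. Both surface as a Set-ADGroup error.)
    Set-ADGroup -Identity $g.DistinguishedName -GroupScope Universal
    if ($TargetScope -eq 'Global') {
        Set-ADGroup -Identity $g.DistinguishedName -GroupScope Global
    }

    # Re-read the object to confirm the change actually landed.
    $after = Get-ADGroup -Identity $g.DistinguishedName
    Write-Host ("FIXED   {0,-40} {1}" -f $after.Name, $after.GroupScope)
}
```

Run it without -Fix first to get a read-only report; the conversion requires rights to modify the groups in question.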
