Set up AWS SSO with Google as an external identity provider

Yurii Martyniuk
Mar 25, 2023

In modern organizations, managing internal authentication and authorization can be a difficult task. It is important to ensure that only authorized users have access to the appropriate resources, which can become complicated as the number of users and third-party services used grows. Managing unique login credentials for every service and user becomes impractical. This is where single sign-on comes in.

This article will guide you through the process of utilizing single sign-on to manage user access to Amazon Web Services (AWS) resources through Google’s G Suite accounts.

You will need the following tools:

  • AWS account with administrator access
  • Google G Suite user with administrator access

This authentication flow is shown in the following diagram.

1. IAM Identity Center initial setup

If you have not yet enabled IAM Identity Center in your account, complete the following prerequisites to get started with IAM Identity Center:

  • Enable IAM Identity Center: when you choose Enable, a window appears asking you to Create AWS organization. You must complete this step because IAM Identity Center requires AWS Organizations.
