Set up AWS SSO with Google as an external identity provider

Yurii Martyniuk
5 min read · Mar 25, 2023

In modern organizations, managing internal authentication and authorization can be a difficult task. It is important to ensure that only authorized users have access to the appropriate resources, which can become complicated as the number of users and third-party services used grows. Managing unique login credentials for every service and user becomes impractical. This is where single sign-on comes in.

This article will guide you through the process of utilizing single sign-on to manage user access to Amazon Web Services (AWS) resources through Google’s G Suite accounts.

You will need the following tools:

  • AWS account with administrator access
  • Google G Suite user with administrator access

This authentication flow is shown in the following diagram.

1. IAM Identity Center initial setup

If you have not yet enabled IAM Identity Center in your account, complete the following prerequisites to get started with IAM Identity Center:

To set up an external identity provider in IAM Identity Center

  • In Settings, choose the Identity source tab, open the Actions dropdown in the top right, and then select Change identity source.
