Online Help

SafeNet Trusted Access for AWS

Overview

Configuring SafeNet Trusted Access for AWS is a three-step process:

1. AWS setup

2. SafeNet Trusted Access setup

3. Verify authentication

AWS Setup

As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking on the Download metadata file button. You will need this metadata in one of the steps below.

In Amazon Web Services (AWS), you need to create a SAML identity provider and a role to configure SafeNet Trusted Access as your identity provider.

Perform the following steps to configure SafeNet Trusted Access as your identity provider:

1. Log in to AWS as an administrator using the https://console.aws.amazon.com/iam URL.

2. On the AWS IAM dashboard, in the left pane, click Identity providers and then in the right pane, click Create Provider.

3. Under Configure Provider, in the Provider Type field, select SAML, and then perform the following steps:

a. In the Provider Name field, enter a name for the SafeNet Trusted Access identity provider (for example, SAML_Provider).

b. Next to the Metadata Document field, click Choose File to search for and select the metadata file that you downloaded earlier from the SafeNet Trusted Access console.

c. Click Next Step.

4. Under Verify Provider Information, click Create.

The identity provider (for example, SAML_Provider) will be successfully added in AWS.

5. In the left pane, click Roles, and then in the right pane, click Create role.

6. On the Create role window, select the SAML 2.0 federation tile.

7. Under Choose a SAML 2.0 provider, perform the following steps:

a. In the SAML provider field, select the SAML identity provider (for example, SAML_Provider) that you created earlier.

b. Select the Allow programmatic and AWS Management Console access option.

c. In the Attribute field, ensure that SAML:aud is selected.

d. In the Value field, ensure that https://signin.aws.amazon.com/saml is available.

e. Click Next: Permissions.

8. Under Attach Permissions Policies, select the permissions that you want to grant to SAML users, and then click Next: Review. Every federated user who is mapped to this role receives these permissions, so grant only what those users need.

9. Under Review, perform the following steps:

a. In the Role name field, enter a name for the role (for example, Operator1).

b. In the Role description field, enter an appropriate description of the role.

c. Click Create role.
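The following is an added example, not SafeNet's or AWS's own code: it builds the IAM trust policy that the console wizard in steps 5 to 9 generates for a SAML 2.0 federation role, and runs the checks a reviewer would apply to an existing role's trust policy (provider in the same account, SAML:aud pinned to the AWS sign-in endpoint). The account ID, provider name and role name are the page's examples; the helper names are the example's own, and nothing here calls AWS.

```python
import json

# Audience that AWS expects in the assertion and in the role's SAML:aud condition (step 7(d)).
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_provider_arn(account_id: str, provider_name: str) -> str:
    """ARN of the IAM SAML provider created in steps 2 to 4."""
    return f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"


def build_saml_trust_policy(account_id: str, provider_name: str) -> dict:
    """Trust policy equivalent to the 'SAML 2.0 federation' wizard choice with
    'Allow programmatic and AWS Management Console access' (steps 7(b) to 7(d)).
    Only assertions issued by this provider and addressed to the AWS sign-in
    endpoint can be exchanged for this role's credentials."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": saml_provider_arn(account_id, provider_name)},
                "Action": "sts:AssumeRoleWithSAML",
                "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
            }
        ],
    }


def trust_policy_findings(policy: dict, account_id: str) -> list:
    """Review checks for an existing SAML role's trust policy (example checks, not an
    AWS API). Returns a list of problems; an empty list means every statement that
    allows sts:AssumeRoleWithSAML looks like the one the wizard produces."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if stmt.get("Effect") != "Allow" or not any(
            a in ("sts:AssumeRoleWithSAML", "sts:*", "*") for a in actions
        ):
            continue
        # The provider must be an IAM SAML provider in the role's own account, never "*".
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else principal
        expected_prefix = f"arn:aws:iam::{account_id}:saml-provider/"
        if not isinstance(federated, str) or not federated.startswith(expected_prefix):
            findings.append(
                f"Federated principal {federated!r} is not a SAML provider in account {account_id}"
            )
        # The wizard pins SAML:aud to the AWS sign-in endpoint; a missing or different
        # value means the assertion's audience is not being checked by the policy.
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != AWS_SAML_AUDIENCE:
            findings.append(f"SAML:aud condition is {aud!r}, expected {AWS_SAML_AUDIENCE!r}")
    return findings


if __name__ == "__main__":
    policy = build_saml_trust_policy("396277675979", "SAML_Provider")
    print(json.dumps(policy, indent=2))
    print("findings:", trust_policy_findings(policy, "396277675979"))
```

To compare a deployed role with the wizard's output, export its trust policy from the IAM console (Roles, the role, Trust relationships) or with `aws iam get-role`, and pass the document to trust_policy_findings.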

SafeNet Trusted Access Setup

After completing the first step (configuring SafeNet Trusted Access as an identity provider in AWS), the second step is to activate the AWS application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the AWS application that you added previously is inactive by default. To configure and activate it, click the application (for example, AWS) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a. Under Account Details, complete the following fields:

Field       Value to be set
ENTITY ID   Enter the entity ID. For example, https://signin.aws.amazon.com/
ACCOUNTID   Enter the 12-digit AWS account ID (for example, 396277675979). It is shown on the AWS IAM dashboard in the IAM users sign-in link, for example https://396277675979.signin.aws.amazon.com/console
ROLE        Enter the name of the AWS IAM role (for example, Operator1) that you created in step 9(a) of AWS Setup.
PROVIDER    Enter the name of the SAML identity provider (for example, SAML_Provider) that you created in step 3(a) of AWS Setup and selected in step 7(a).
NAME ID     Ensure that Email address is selected.

AWS identifies the role to assume from the assertion's Role attribute, which carries the pair arn:aws:iam::<ACCOUNTID>:role/<ROLE>,arn:aws:iam::<ACCOUNTID>:saml-provider/<PROVIDER>, so the account ID, role name and provider name entered here must match the names created in AWS exactly.

b. Under Return Attributes, ensure that the RoleSessionName attribute is set to First Name. AWS records RoleSessionName in CloudTrail and in the assumed-role session ARN, and accepts only 2 to 64 characters from the set [\w+=,.@-]; a first name containing a space or other characters outside that set causes the AWS sign-in to fail.

c. Click Save Configuration to save the details and activate the AWS application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the AWS login URL, https://idp.safenetid.com/auth/realms/<tenant-referenceid>/protocol/saml/clients/<AWS Application Name>, where <tenant-referenceid> is your SafeNet Trusted Access tenant reference ID and <AWS Application Name> is the name that you provided while adding the AWS application in SafeNet Trusted Access. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication; after authentication you should be redirected to the AWS Management Console.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of the applications to which you have access. Click the AWS application icon; after authentication you should be redirected to the AWS Management Console.
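When verification fails, the quickest diagnosis is to inspect the SAMLResponse that the browser posts to https://signin.aws.amazon.com/saml (the base64 form field of that POST, visible in the browser's developer tools) and compare it with the STA Setup fields above. The following is an added example, not SafeNet's or AWS's own code: it decodes such a response and checks the three things AWS needs, namely the Audience, a Role attribute whose ARN pair matches ACCOUNTID, ROLE and PROVIDER, and a RoleSessionName within AWS's character constraints. The embedded assertion is constructed for the example and unsigned (the issuer URL is a placeholder); signature verification is performed by AWS against the provider metadata and is out of scope here.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_NAME_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
# AWS constraint on RoleSessionName: 2 to 64 characters from [\w+=,.@-] (ASCII).
SESSION_NAME_RE = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)

# Constructed sample response (unsigned, placeholder issuer) using the page's example
# account ID, role and provider names.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2018-06-01T12:00:00Z" Destination="https://signin.aws.amazon.com/saml">
  <saml:Issuer>https://idp.example.test/realms/example-tenant</saml:Issuer>
  <saml:Assertion ID="_asrt1" Version="2.0" IssueInstant="2018-06-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test/realms/example-tenant</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2018-06-01T11:59:00Z" NotOnOrAfter="2018-06-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://signin.aws.amazon.com/saml</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
        <saml:AttributeValue>arn:aws:iam::396277675979:role/Operator1,arn:aws:iam::396277675979:saml-provider/SAML_Provider</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
        <saml:AttributeValue>Alice</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def encode_response(xml_text: str) -> str:
    """Base64-encode XML the way the SAMLResponse form field carries it."""
    return base64.b64encode(xml_text.encode()).decode()


def check_aws_assertion(saml_response_b64: str, account_id: str,
                        role_name: str, provider_name: str) -> list:
    """Return a list of findings; an empty list means the response carries what AWS
    needs for the given ACCOUNTID, ROLE and PROVIDER values."""
    findings = []
    root = ET.fromstring(base64.b64decode(saml_response_b64))

    # 1. Audience must be the AWS sign-in endpoint (matches the role's SAML:aud condition).
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if AWS_SAML_AUDIENCE not in audiences:
        findings.append(f"Audience {audiences} does not include {AWS_SAML_AUDIENCE}")

    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]

    # 2. Role attribute: '<role ARN>,<provider ARN>', both in the same account.
    expected_role = (f"arn:aws:iam::{account_id}:role/{role_name},"
                     f"arn:aws:iam::{account_id}:saml-provider/{provider_name}")
    roles = attrs.get(ROLE_ATTR, [])
    if not roles:
        findings.append("Role attribute is missing; AWS cannot select a role")
    else:
        for value in roles:
            parts = value.split(",")
            if len(parts) != 2 or not all(p.startswith(f"arn:aws:iam::{account_id}:") for p in parts):
                findings.append(f"Role value {value!r} is not '<role ARN>,<provider ARN>' in account {account_id}")
        if expected_role not in roles:
            findings.append(f"Role attribute does not include {expected_role}")

    # 3. RoleSessionName: exactly one value within AWS's length and character limits.
    names = attrs.get(SESSION_NAME_ATTR, [])
    if len(names) != 1:
        findings.append("RoleSessionName must carry exactly one value")
    elif not SESSION_NAME_RE.fullmatch(names[0]):
        findings.append(f"RoleSessionName {names[0]!r} is not 2-64 characters of [A-Za-z0-9_+=,.@-]")
    return findings


if __name__ == "__main__":
    print(check_aws_assertion(encode_response(SAMPLE_RESPONSE_XML),
                              "396277675979", "Operator1", "SAML_Provider"))
```

A finding on the Role attribute points at the ACCOUNTID, ROLE or PROVIDER field in STA Setup; a finding on RoleSessionName points at the Return Attributes mapping in step 2(b).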

 

© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.