AWS Partner Network (APN) Blog
Category: AWS Identity and Access Management (IAM)
Enhance Identity Governance and Protection on AWS using Cisco Duo IAM
Decentralization of work and infrastructure in hybrid environments is leading to identity and access management challenges due to lack of centralized visibility and governance. In this blog, let’s learn how customers can solve these challenges and enhance their identity governance and security with Cisco Duo Identity Federation and advanced access management features. Cisco Duo seamlessly integrates with AWS IAM Identity Center and other identity sources and acts as an identity aggregator that efficiently routes user authentication to appropriate sources. This integrated solution delivers both improved security with end-to-end phishing resistance and AI-driven identity intelligence, and a simplified user experience through passwordless authentication.
Improving Overall Security Posture with Wiz Secured AWS landing zone
Organizations migrating to the cloud face significant security challenges, including regulatory compliance, limited visibility, and skill shortages, which traditional security methods struggle to address. This situation is often exacerbated by delayed security implementations, but tools like Wiz integrated with AWS landing zone can help organizations manage cloud security from the start, enabling successful digital transformation while maintaining robust security measures.
Securing Amazon Bedrock and Amazon SageMaker with Orca Security
The integration of artificial intelligence (AI) technologies is rapidly gaining momentum across various industries, offering a variety of business advantages. However, without implementing robust AI security measures, organizations may face substantial risks, including model poisoning and sensitive data breaches. Learn how Orca Security provides effective strategies to mitigate and prevent these potential threats.
Using IAM Roles Anywhere to Help Secure VMware Cloud on AWS Workloads
AWS IAM Roles Anywhere allows you to use identity and access management roles to obtain temporary credentials for workloads outside AWS. This minimizes exposed credentials, enables centralized access controls with AWS IAM, and provides granular permissions to virtual machines. Explore common use cases for using IAM Roles Anywhere for your workloads running on VMware Cloud on AWS and the relevant setup process on a virtual machine in VMware Cloud on AWS.
Automating OpenID Connect-Based AWS IAM Web Identity Roles with Microsoft Entra ID
For applications running outside AWS, developers often create IAM users with long-lived credentials which can increase security risks. Instead, learn how to integrate AWS IAM Web Identity Roles with Microsoft Entra ID for centralized user management. This post walks through manual setup steps to register an app in Entra ID and create a role in AWS, and describes an automated architecture to synchronize Entra ID service principals and AWS roles.
Federate Single Sign-On Access to Amazon Athena Query Editor with OneLogin
The Amazon Athena web-based query editor enables data consumers to author and run SQL queries on data sources that are registered with the AWS Glue Data Catalog and other data sources such as Amazon S3. This post describes the setup to provide federated access with OneLogin as the identity provider to securely access, author, and run queries in the Athena web-based editor via the AWS console, without the need for users to install a JDBC driver or run a SQL client on their machines.
How IAM Health Cloud Helps You Manage AWS IAM Even When You Have Multiple Accounts
IAM Health Cloud is a SaaS solution available in AWS Marketplace that enables continuous and central collection and analysis of all AWS Identity and Access Management (IAM) data for determining a company’s IAM posture across any number of AWS accounts. Learn how to use IAM Health Cloud to gain near real-time centralized insight into all IAM assets across multiple AWS accounts, even if they are independent or part of fragmented AWS Organizations.
Improve the Availability of Existing Okta IAM Federation Setup Using Multi-Region SAML Endpoints
Federation using SAML 2.0 enables customers to use their existing external IdP and avoid managing multiple sources of identities when accessing AWS accounts. This post builds on the recommendation of using regional SAML endpoints for failover by showing how you can configure Okta’s federation with IAM to increase its availability. Learn how to configure Okta, an AWS Security Competency Partner, to utilize multiple regional AWS SAML sign-in endpoints that can be deployed at setup by the Okta admin.
Implementing SaaS Tenant Isolation Using Amazon SageMaker Endpoints and IAM
As multi-tenant SaaS providers look to leverage machine learning services, they must consider how they’ll protect the data that flows in and out of these services from different tenants. Learn how tenant isolation of machine learning services can be achieved using AWS IAM, and how the integration between IAM, Amazon SageMaker, and many other AWS services provides developers with a rich set of mechanisms that can be applied to realize tenant isolation goals.
Simplifying Sign-In for AWS Managed Services with OneLogin, AWS Single Sign-On, and AWS IAM
OneLogin, an AWS Security Competency Partner, provides an identity platform for secure, scalable, and smart experiences that connects people to technology. Learn about all of the integrations available between OneLogin and AWS. Through these integrations, OneLogin enables you to seamlessly authenticate into AWS managed services across various domains, including analytics, compute, serverless, security, management and governance, and more.