...

  • The D s platform uses its native SAML support for SSO authentication.
  • Access to AWS resources is governed by the set of permissions and IAM roles that are managed by your AWS admins. The D s platform does not allow editing of the list of available IAM roles for use.
  • Authentication to AWS is governed by a third-party SAML provider, which has access to this set of IAM roles and underlying permissions.
  • Users of the D s platform are mapped to one or more IAM roles. These IAM roles can be selected at the workspace (admin) or individual user level.

Usage:

When this feature is enabled, a user's available IAM roles are automatically synched via SAML. When a user signs in to the D s webapp, the user can select their default role to use.

Pre-requisites

  • Per-user authentication to AWS has been enabled. For more information, see Configure AWS Per-User Authentication.
  • This feature is supported only for the SAML authentication method of SSO authentication native to the D s platform. It is not supported for any other SSO auth method. For more information, see Configure SSO for SAML.
  • AWS permissions must be defined via IAM role and made available to an identity provider that adheres to SAML standards. The SAML identity provider must be configured with a list of SAML assertions containing the IAM roles that an external user may assume.
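
To check the last prerequisite, the following added example (not part of the original documentation or the platform's own code) parses an assertion captured from your identity provider and lists the IAM role and SAML provider pairs it carries, flagging malformed values. It assumes the IdP uses the standard AWS role attribute `https://aws.amazon.com/SAML/Attributes/Role`; the sample assertion, account ID and role names are constructed. It inspects attribute content only and does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Assumption: the IdP sends roles in the standard AWS SAML role attribute.
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
# The value is comma-delimited, so commas are not accepted inside a role name here.
ROLE_RE = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=.@/-]+$")
IDP_RE = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:saml-provider/[\w.-]+$")

# Constructed sample assertion fragment; all ARNs are placeholders.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
 <saml:AttributeStatement>
  <saml:Attribute Name="{ROLE_ATTR}">
   <saml:AttributeValue>arn:aws:iam::111122223333:role/example-analyst,arn:aws:iam::111122223333:saml-provider/ExampleIdP</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::111122223333:saml-provider/ExampleIdP,arn:aws:iam::111122223333:role/example-admin</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::111122223333:role/example-orphan</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def extract_roles(assertion_xml):
    """Return (roles, problems); roles is a list of (role_arn, provider_arn)."""
    # Use only on assertions from your own IdP: this parser is not hardened
    # against hostile XML and performs no signature validation.
    root = ET.fromstring(assertion_xml)
    roles, problems = [], []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
            parts = [p.strip() for p in (value.text or "").split(",")]
            role = [p for p in parts if ROLE_RE.match(p)]
            idp = [p for p in parts if IDP_RE.match(p)]
            # Each value must pair exactly one role ARN with one provider ARN,
            # in either order.
            if len(parts) != 2 or len(role) != 1 or len(idp) != 1:
                problems.append(f"malformed role value: {value.text!r}")
                continue
            roles.append((role[0], idp[0]))
    if not roles:
        problems.append("assertion carries no usable IAM role")
    return roles, problems


if __name__ == "__main__":
    found, issues = extract_roles(SAMPLE)
    print(found, issues, sep="\n")
```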

...