AWS IAM
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You can use the Advanced Identity Cloud AWS IAM application to manage permissions that control which AWS resources users can access.
| To use this application, you must have an AWS administrator account with proper access to AWS as described in the AWS documentation. |
Register the application
-
In the Advanced Identity Cloud admin console, go to Applications, and click Browse App Catalog.
-
In the Browse App Catalog modal, select an application, and click Next.
-
Review the Application Integration information, and click Next.
-
In the Application Details window, specify the name, description, application owners, and logo for the application.
-
To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.
-
Click Create Application.
Configure provisioning
-
In the Advanced Identity Cloud admin console, on the Provisioning tab:
-
If setting up provisioning for the first time, click Set up Provisioning.
-
When editing existing settings in the Connection area, click Settings.
-
-
Configure the following fields:
Field Description Access Key
The AWS access key ID for the IAM user whose credentials are used to call AWS APIs.
Secret Key
The AWS secret access key associated with the access key ID.
Role ARN
The Amazon Resource Name (ARN) for the role.
Region
The host region of the AWS instance.
Parent Organization
The unique identifier assigned to the parent entity in the AWS Organization hierarchy. Required for Organizational Unit operations.
-
Optionally, click Show advanced settings to set any of the following options:
Field Description Page Size
The page size for search operations. The default is
100.Credential Expiration Duration
The temporary credentials expiration time in seconds. The default is
3600seconds.Connection Timeout
Define a timeout (in milliseconds) for the underlying connection. The default is
10000milliseconds.Maximum Connections
The maximum number of connections. The default is
10connections.Exclude Unmodified
Select this option to synchronize only the modified properties on a target resource.
-
Click Connect.
-
Verify the information in the Details tab.
Provision side tabs
The object type determines the side tabs that display on the Provisioning tab.
Use the object type list to select an object type, such as Group.
Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.
| Provisioning tab | Description | Related sections |
|---|---|---|
Details |
View and manage an application, including name, ID, and native type. |
Select the specific application from Provision settings for an application. |
Properties |
View and manage properties for the selected object type. |
|
Data |
View data about the selected object type. |
|
Mapping |
View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties. |
|
Reconciliation |
Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems. View and manage rules for the users and groups that use your application. View and manage schedules for Full and Incremental reconciliation. |
|
Privacy & Consent |
Manage end-user data sharing and synchronization. |
|
Rules |
View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application. |
|
Advanced Sync |
Create and manage mappings between an identity profile and an application or between applications. |