Account management is becoming more complex as organizations use a growing variety of software as a service (SaaS) applications. Logging in to each application individually is not only cumbersome but can also pose a security threat. To address these issues, many organizations are adopting single sign-on (SSO) solutions. SSO provides both user convenience and security by giving access to multiple applications with a single login. In particular, applying SSO to critical cloud services such as Amazon Web Services (AWS) can improve the efficiency of account management.
POPs, a SaaS management platform, also lets employees access all popular SaaS apps with a single account and a single login. In this article, we'll explain how to access the AWS console with the SSO function provided by POPs.
Single sign-on (SSO) has become an essential part of the modern business environment.
SSO allows users to connect to all services with a single authentication, without going through a separate login process every time they access one of several SaaS applications. This improves the user experience.
SSO centralizes authentication management and reduces the security risks that come from password reuse or weak passwords. This plays an important role in managing enterprise data security.
SSO reduces the burden on IT staff by simplifying account management, access authorization, and access revocation processes. This improves the operational efficiency of the organization.
SSO can centrally manage access logs, making it easy to meet regulatory requirements. This helps companies comply with legal requirements.
For this reason, SSO plays an important role in an enterprise's IT strategy, and can achieve ease of use, enhanced security, work efficiency, and compliance.
When you log in to POPs, you can see at a glance all the assigned SaaS apps that can be used with single sign-on. If you click the AWS Console app in the launcher, you can connect through SSO. To do this, you must first add the AWS Console app in the POPs admin.
1. Log in to the POPs admin with an administrator account.
2. Select an app from the menu, and then click View App Catalog.
3. In the app catalog, click the AWS Console app.
4. On the AWS Console app details screen, click [Add App].
5. On the Add App screen, click [Download Metadata] to download the SAML IdP Metadata file.
1. Go to the IAM > Identity Providers menu in the AWS Console and click Add Provider.
2. On the Add Identity Provider page, select SAML as the provider type, upload the downloaded SAML IdP Metadata file as the Metadata Document, and then click Add Provider.
3. From the list of identity providers, click the name of the identity provider you added to go to the detail page.
4. On the identity provider detail page, copy and keep the identity provider ARN.
1. In the AWS console, go to the IAM > Access Management > Identity Providers menu.
2. From the list of identity providers, select POPs.
3. Click the Assign Role button to assign a role. There are two ways to assign roles: creating a new role and assigning it, or assigning an existing role that has the appropriate permissions.
• Creating a new role
1. On the identity provider details screen, click the [Assign Role] button and select [Create New Role].
2. On the role creation screen, select the following items and click the [Next: Policy] button.
3. In the Attach Permissions Policy step, select the policy you want to link to the role, and then click the [Next: Tag] button.
4. In the Add Tags step, add the required tags and click the [Next: Review] button.
5. After checking all required information in the Review step, click the [Create Role] button.
6. On the details screen of the role you created, copy the role ARN and keep it.
• Using an existing role
1. On the identity provider details screen, click the [Assign Role] button and select [Use an existing role].
2. Select the role you want to assign from the list of roles to go to the detailed screen for that role.
3. On the Permissions tab on the role details screen, click [Attach Policy] to select the policy you want to link, and click the [Attach Policy] button.
4. On the Trust Relationship tab on the role details screen, click [Edit Trust Relationship], replace "Principal" as shown below, and click the [Update Trust Policy] button.
"Federated": "{{identity provider ARN}}"
5. Return to the role details screen and copy the role ARN and keep it.
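Step 4 above shows only the "Principal" fragment. The following added example (not POPs or AWS code) builds the complete SAML trust policy that fragment belongs to and audits an existing trust policy for the expected provider and the `SAML:aud` condition. The function names are hypothetical, and the account ID 123456789012 and provider name POPs are sample values.

```python
import json

SAML_AUD = "https://signin.aws.amazon.com/saml"  # audience of the AWS console SAML endpoint

def build_trust_policy(provider_arn):
    """Complete trust policy around the "Principal" fragment from step 4."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUD}},
        }],
    }

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, provider_arn):
    """Return findings for a role trust policy; an empty list means no issue found."""
    statements = [s for s in _as_list(policy.get("Statement", []))
                  if s.get("Effect") == "Allow"
                  and "sts:AssumeRoleWithSAML" in _as_list(s.get("Action", []))]
    if not statements:
        return ["no Allow statement for sts:AssumeRoleWithSAML"]
    findings = []
    for s in statements:
        principal = s.get("Principal", {})
        federated = (_as_list(principal.get("Federated", []))
                     if isinstance(principal, dict) else [principal])
        if "*" in federated:
            findings.append("wildcard principal")
        elif federated != [provider_arn]:
            findings.append("Federated principal is not the expected provider")
        aud = s.get("Condition", {}).get("StringEquals", {}).get("SAML:aud", [])
        if _as_list(aud) != [SAML_AUD]:
            findings.append("missing or unexpected SAML:aud condition")
    return findings

if __name__ == "__main__":
    # Constructed sample: account ID and provider name are placeholders.
    arn = "arn:aws:iam::123456789012:saml-provider/POPs"
    print(json.dumps(build_trust_policy(arn), indent=2))
    print(audit_trust_policy(build_trust_policy(arn), arn))
```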
1. On the Add an App screen in the POPs admin, enter all the required values for SAML settings.
2. In the Role pair field of the required login attribute, enter the identity provider ARN and role ARN that you copied and saved from the AWS console in the following format. The values you enter are offered as the selectable roles when the AWS Console app is assigned to users after the app is added. You can add multiple role pairs.
arn:aws:iam::123456789012:role/role name, arn:aws:iam::123456789012:saml-provider/identity provider name
3. Click Add App to finish adding the AWS Console app.
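A malformed role pair only shows up later as a failed sign-in, so it is worth checking the values before they are entered. The following added example (not part of POPs) parses role pairs in the format from step 2 and rejects malformed ARNs; the function names are hypothetical, the sample inputs are constructed, and treating differing account IDs as an error is an assumption based on the page's sample pair, in which both ARNs share one account.

```python
import re

# IAM role or SAML provider ARN in the standard "aws" partition (assumption).
ARN_RE = re.compile(r"arn:aws:iam::(\d{12}):(role|saml-provider)/([\w+=,.@/-]+)")

def parse_role_pair(value):
    """Return (role_arn, provider_arn) or raise ValueError describing the defect."""
    # Role names may contain commas, so split only on a comma followed by "arn:".
    parts = re.split(r"\s*,\s*(?=arn:)", value.strip())
    if len(parts) != 2:
        raise ValueError("expected exactly two comma-separated ARNs")
    parsed = {}
    for arn in parts:
        m = ARN_RE.fullmatch(arn)
        if not m:
            raise ValueError(f"not an IAM role or SAML provider ARN: {arn!r}")
        account, kind, _name = m.groups()
        if kind in parsed:
            raise ValueError(f"two {kind} ARNs; need one role and one saml-provider")
        parsed[kind] = (arn, account)
    if parsed["role"][1] != parsed["saml-provider"][1]:
        raise ValueError("role and provider belong to different AWS accounts")
    return parsed["role"][0], parsed["saml-provider"][0]

def validate_role_pairs(values):
    """Split a list of role-pair strings into accepted pairs and error messages."""
    accepted, errors = [], []
    for value in values:
        try:
            accepted.append(parse_role_pair(value))
        except ValueError as exc:
            errors.append(f"{value!r}: {exc}")
    return accepted, errors

if __name__ == "__main__":
    # Constructed sample inputs; role and provider names are placeholders.
    samples = [
        "arn:aws:iam::123456789012:role/Developer, arn:aws:iam::123456789012:saml-provider/POPs",
        "arn:aws:iam: :123456789012:role/Developer,arn:aws:iam::123456789012:saml-provider/POPs",
        "arn:aws:iam::123456789012:role/Developer",
    ]
    ok, bad = validate_role_pairs(samples)
    print(ok)
    print("\n".join(bad))
```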
Megazone Cloud, which created POPs, explains that smooth work progress is an important factor in the employee experience. Individual login authentication processes for SaaS are integrated into SSO to make it easy for employees to run the SaaS products they want. There isn't a single day that Megazone Cloud employees don't use POPs to connect to the SaaS they need:)