Connecting to the AWS Console with SSO (Single Sign-On)

POPs provides SSO functionality so that employees can easily access all permitted SaaS apps with a single account and a single login.
October 20, 2023
Megazone PoPs

SSO (single sign-on), efficiency and security at the same time

As organizations adopt a growing variety of software-as-a-service (SaaS) applications, account management is becoming more complex. Logging in to each application separately is not only cumbersome but can also pose a security threat. To address these issues, many organizations are adopting single sign-on (SSO) solutions. SSO provides both user convenience and security by allowing access to multiple applications with a single login. In particular, applying SSO to critical cloud services such as Amazon Web Services (AWS) can greatly improve the efficiency of account management.

POPs, a SaaS management platform, also lets employees access all permitted SaaS apps with a single account and a single login. In this article, we'll discuss how to access the AWS Console with the SSO function provided by POPs.

Why SSO is important

Single sign-on (SSO) has become an essential part of the modern business environment.

1. Maximizing ease of use

SSO allows users to connect to all services with a single authentication without having to go through a separate login process every time they access multiple SaaS applications. This greatly enhances the user experience.

2. Enhanced security

SSO enables centralized authentication management and reduces password reuse and weak passwords, which helps prevent security incidents. This plays an important role in strengthening enterprise data security.

3. Improving IT department work efficiency

SSO reduces the burden on IT staff by simplifying account management, access authorization, and retrieval processes. This contributes to increasing the operational efficiency of the organization.

4. Easier compliance

With SSO, access logs can be managed centrally, making it easier to meet regulatory requirements. This helps companies comply with legal requirements.

For this reason, SSO plays an important role in an enterprise's IT strategy, and can simultaneously achieve ease of use, enhanced security, work efficiency, and compliance.

Accessing the AWS Console with SSO on POPs

POPs launcher screen

When you log in to POPs, you can see at a glance all the SaaS apps assigned to you that can be used with single sign-on. Clicking the AWS Console app in the launcher connects you directly through SSO. To enable this, you must first add the AWS Console app in the POPs admin.

Adding an AWS Console App to POPs

1. Download the metadata needed to add an AWS Console app from POPs


1. Log in to the POPs admin with an administrator account.

2. Select an app from the menu, and then click View App Catalog.

3. In the app catalog, click the AWS Console app.

4. On the AWS Console app details screen, click [Add App].

5. On the Add App screen, click [Download Metadata] to download the SAML IdP Metadata file.

2. Go to the AWS Console, sign in, and check the identity provider ARN


1. Go to the IAM > Identity Providers menu in the AWS Console and click Add Provider.

2. On the Add Identity Provider page, select SAML as the provider type, upload the downloaded SAML IdP Metadata file as the metadata document, and then click Add Provider.

3. From the list of identity providers, click the name of the identity provider you added to go to the detail page.

4. On the identity provider detail page, copy and keep the identity provider ARN.

3. Check the identity provider's role ARN in the AWS console

1. In the AWS console, go to the IAM > Access Management > Identity Providers menu.

2. From the list of identity providers, select POPs.

3. Click the Assign Role button to assign a role. There are two ways to assign a role: creating a new role and assigning it, or selecting a role with the appropriate permissions from the existing roles.

• Assigning new roles

1. On the identity provider details screen, click the [Assign Role] button and select [Create New Role].

2. On the role creation screen, select the following items and click the [Next: Policy] button.

  • Select type of trusted entity: SAML 2.0 federation
  • SAML provider: Select the identity provider you added and select 'Allow programmatic and AWS Management Console access'

3. In the Attach Permissions Policy step, select the policy you want to link to the role, and then click the [Next: Tag] button.

4. In the Add Tags step, add the required tags and click the [Next: Review] button.

5. After entering all required information during the review step, click the [Create Role] button.

6. On the details screen of the role you created, copy the role ARN and keep it.

• Assigning existing roles

1. On the identity provider details screen, click the [Assign Role] button and select [Use an existing role].

2. Select the role you want to assign from the list of roles to go to the detailed screen for that role.

3. On the Permissions tab on the role details screen, click [Attach Policy] to select the policy you want to link, and click the [Attach Policy] button.

4. On the Trust Relationship tab on the role details screen, click [Edit Trust Relationship], replace "Principal" as shown below, and click the [Update Trust Policy] button.

"Federated": "{{identity provider ARN}}"

5. Return to the role details screen and copy the role ARN and keep it.

4. Go back to the POPs admin to finish adding the AWS Console app

1. On the Add an App screen in the POPs admin, enter all the required values for SAML settings.

2. In the Role pair field of the required login attribute, enter the identity provider ARN and role ARN that you copied and saved from the AWS console in the following format. The values you enter are offered as the selectable roles when the AWS Console app is assigned to users after the app has been added. You can add multiple role pairs.

arn:aws:iam::123456789012:role/role name, arn:aws:iam::123456789012:saml-provider/credential provider name

3. Click Add App to finish adding the AWS Console app.
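
A check you can run before saving the role pair, covering both the pair format above and the trust relationship edited in step 3. This is an added example, not code from POPs or AWS; the role name PoPsSSO, the provider name POPs and the sample trust policy are constructed placeholders, and the same-account rule is an assumption taken from the format line above.

```python
import json
import re

# IAM ARN shape used in the page's role pair (role first, then SAML provider).
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(role|saml-provider)/([\w+=,.@/-]+)$")
# Audience the console wizard sets for "Allow programmatic and AWS Management Console access".
AWS_SAML_AUD = "https://signin.aws.amazon.com/saml"

def parse_role_pair(pair):
    """Return (role_arn, provider_arn) or raise ValueError on a malformed pair."""
    parts = [p.strip() for p in re.split(r",\s*(?=arn:)", pair.strip())]
    if len(parts) != 2:
        raise ValueError("expected exactly two ARNs separated by a comma")
    role, provider = (ARN_RE.match(p) for p in parts)
    if not role or role.group(2) != "role":
        raise ValueError("first ARN must be an IAM role")
    if not provider or provider.group(2) != "saml-provider":
        raise ValueError("second ARN must be a SAML provider")
    if role.group(1) != provider.group(1):  # assumption: same account, as in the page's sample
        raise ValueError("role and provider are in different accounts")
    return parts[0], parts[1]

def as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_trust_policy(policy, provider_arn):
    """List reasons the role's trust policy does not safely trust provider_arn."""
    findings = []
    saml = [s for s in as_list(policy.get("Statement")) if s.get("Effect") == "Allow"
            and "sts:AssumeRoleWithSAML" in as_list(s.get("Action"))]
    if not saml:
        findings.append("no Allow statement for sts:AssumeRoleWithSAML")
    for stmt in saml:
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if federated != [provider_arn]:
            findings.append("Principal.Federated is not exactly the expected provider")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != AWS_SAML_AUD:
            findings.append("SAML:aud condition missing or wrong")
    return findings

# Constructed sample: account ID from the page's format line; names are placeholders.
PAIR = "arn:aws:iam::123456789012:role/PoPsSSO, arn:aws:iam::123456789012:saml-provider/POPs"
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/POPs"},
  "Action": "sts:AssumeRoleWithSAML",
  "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}}]}""")

if __name__ == "__main__":
    role_arn, provider_arn = parse_role_pair(PAIR)
    print(role_arn, audit_trust_policy(TRUST, provider_arn) or "trust policy OK")
```

An empty findings list means the role trusts only the POPs identity provider and only for the AWS sign-in audience; a wildcard principal or a missing SAML:aud condition shows up as a finding.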

In closing

Megazone Cloud, which created POPs, believes that smooth work progress is an important factor in the employee experience. Individual login authentication processes for SaaS are integrated into SSO to make it easy for employees to run the SaaS products they want. There isn't a single day that Megazone Cloud employees don't use POPs to connect to the SaaS they need:)
