Onboarding users

When new folks join your company they're probably going to need access to AWS. Here's a quick guide for granting it, depending on which identity provider you use.

After you've added folks to the identity provider per your usual onboarding process for all employees, do the following for each user who needs access to AWS.

Azure AD

  1. Visit https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers in a browser (or visit the Azure portal, click Azure Active Directory, and click Users)

  2. Click the user's name

  3. Click Custom security attributes (preview)

  4. Click Add assignment

  5. Select “AWS” in the Attribute set column

  6. Select “RoleName” in the Attribute name column

  7. Enter the name (not the ARN) of the IAM role they should assume in your admin account. Use “Administrator” for yourself as you're getting started; for others, if the role is not “Administrator” or “Auditor”, ensure you've followed adding non-Administrator roles for humans first

  8. Click Save

Google Workspace

  1. Click the user's name

  2. Click User information

  3. In the AWS section, click Add RoleName and paste the name (not the ARN) of the IAM role they should assume in your admin account (if it's not “Administrator” or “Auditor”, ensure you've followed adding non-Administrator roles for humans first)

  4. Click SAVE

Okta

  1. Visit your Okta admin panel in a browser

  2. Click the hamburger menu

  3. Click People in the Directory section

  4. Click the user's name

  5. Click Profile

  6. Click Edit

  7. In the AWS_RoleName input, enter the name (not the ARN) of the IAM role they should assume in your admin account. Use “Administrator” for yourself as you're getting started; for others, if the role is not “Administrator” or “Auditor”, ensure you've followed adding non-Administrator roles for humans first

  8. Click Save

  9. Click the hamburger menu

  10. Click Applications in the Applications section

  11. Click the name of your Intranet application

  12. Click the Assignments tab

  13. Click Assign and then Assign to People

  14. Select your new folks

  15. Click Assign
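
All three procedures above share one rule: the attribute holds an IAM role name, not an ARN, and any role other than “Administrator” or “Auditor” must already have been set up. The following pre-flight check for a batch of planned assignments is an added example, not part of the original guide or its tooling; the function names, status labels and sample users are assumptions constructed for illustration.

```python
import re

# Roles the guide treats as already available in the admin account.
BUILTIN_ROLES = {"Administrator", "Auditor"}

# IAM role names are 1-64 characters drawn from this set (AWS IAM naming rule).
ROLE_NAME_RE = re.compile(r"[A-Za-z0-9_+=,.@-]{1,64}")

# A pasted role ARN, with an optional path before the role name.
ROLE_ARN_RE = re.compile(r"arn:aws[\w-]*:iam::\d{12}:role/(?:.+/)?([^/]+)")


def check_role_value(value):
    """Classify one value destined for the RoleName / AWS_RoleName attribute.

    Returns (status, detail) where status is one of:
      ok               - a role the guide says needs no extra setup
      needs-role-setup - valid name, but the role must be created first
      arn              - an ARN was supplied; detail is the name to use instead
      invalid          - not a legal IAM role name
    """
    v = value.strip()
    arn = ROLE_ARN_RE.fullmatch(v)
    if arn:
        return ("arn", arn.group(1))
    if not ROLE_NAME_RE.fullmatch(v):
        return ("invalid", v)
    if v in BUILTIN_ROLES:
        return ("ok", v)
    return ("needs-role-setup", v)


def review(assignments):
    """Return (user, status, detail) for every assignment that needs attention."""
    findings = []
    for user, value in assignments.items():
        status, detail = check_role_value(value)
        if status != "ok":
            findings.append((user, status, detail))
    return findings


if __name__ == "__main__":
    # Constructed sample input: user -> value someone plans to enter in the IdP.
    planned = {
        "alice@example.com": "Administrator",
        "bob@example.com": "arn:aws:iam::123456789012:role/Auditor",
        "carol@example.com": "DataScientist",
        "dave@example.com": "Data Scientist",
    }
    for finding in review(planned):
        print(finding)
```
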
