Configure Amazon Connnect for SSO using Microsoft Azure
July 2nd, 2020
[breadcrumb]
Azure AD Configuration There is work that needs to be done on both sides and typically two different engineers will be working the issue, one on Azure and one in Connect.  Step one is for the Azure engineer to setup a new application using the login link that agents would normally use to login to the Connect instance.  You can find this on the Amazon Connect home page inside the AWS Management console.   The Azure engineer will then provide a Metadata.XML file back to the AWS Engineer. Step 2 AWS IAM Provider Configuration  
  1. Log in to AWS and open the IAM
  2. Click on Identity providers and then Create Provider.
  3. Choose the Provider Type as SAML.
  4. Enter Provider Name, such as “Azure AD”
  5. Upload a Federation Metadata XML (downloaded from previous step).
  6. Click Create Provider
  Step 3 AWS IAM Role Configuration ( More Information Here: https://docs.aws.amazon.com/connect/latest/adminguide/configure-saml.html )
  1. From the IAM/roles console Create a New Role
  2. Select SAML 2.0 Federation trusted entity type
  3. Select the Azure AD SAML provider from previous step
  4. Select Allow Programmatic and AWS Management Console access. The rest will auto-fill.
  5. On the Attach Permissions Policies Page create a policy like this:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Federation", "Effect": "Allow", "Action": "connect:GetFederationToken", "Resource": [ "arn:aws:connect:YOUR_REGION:YOUR_ACCOUNT_ID:instance/YOUR_INSTANCE_ID/user/${aws:userid}" ] } ] }
  1. After policy is created, go back to Create Role tab, reload the policy list, and select your new policy.
  2. Set a role name and description, then click Create Role
  3. Open the new role and copy the Role ARN into notepad. Switch to the trust relationships tab and copy the Provider ARN into notepad.
Step 4 Create User for Azure to pull Roles for Users 1 - Create Policy "List Roles" 2 - Create User with programmatic access and attach the policy with the Access and Secret Keys 3 - Send me the Provider ARN and Role ARN back to the Azure engineer along with the User and Access Keys where the balance of the configuration is completed The Azure engineer will then complete the Provisioning section setting the mode to Auto    
Related articles
Campaign Dialer History and the Current State of the Art in Amazon Connect
A Brief History Amazon Connect was introduced in 2017 as a revolutionary, cloud-native contact center solution from AWS. That same [...]
Would you answer a call from a toll free number?
Campaign Dialer Feature Request? We are often asked to comment on how to increase answer rates on cold calls.   Calls [...]
DrVoIP Amazon Connect Demo Center - Try it you will like it!
Amazon Connect Demo Center We offer a complete Amazon Connect Contact center with all the bells and whistles free for [...]