Configure Amazon Connnect for SSO using Microsoft Azure

July 2nd, 2020

Azure AD Configuration

There is work that needs to be done on both sides and typically two different engineers will be working the issue, one on Azure and one in Connect.  Step one is for the Azure engineer to setup a new application using the login link that agents would normally use to login to the Connect instance.  You can find this on the Amazon Connect home page inside the AWS Management console.   The Azure engineer will then provide a Metadata.XML file back to the AWS Engineer.

Step 2 AWS IAM Provider Configuration

 

  1. Log in to AWS and open the IAM
  2. Click on Identity providers and then Create Provider.
  3. Choose the Provider Type as SAML.
  4. Enter Provider Name, such as “Azure AD”
  5. Upload a Federation Metadata XML (downloaded from previous step).
  6. Click Create Provider

 

Step 3 AWS IAM Role Configuration ( More Information Here: https://docs.aws.amazon.com/connect/latest/adminguide/configure-saml.html )

  1. From the IAM/roles console Create a New Role
  2. Select SAML 2.0 Federation trusted entity type
  3. Select the Azure AD SAML provider from previous step
  4. Select Allow Programmatic and AWS Management Console access. The rest will auto-fill.
  5. On the Attach Permissions Policies Page create a policy like this:

{

“Version”: “2012-10-17”,

“Statement”: [

{

“Sid”: “Federation”,

“Effect”: “Allow”,

“Action”: “connect:GetFederationToken”,

“Resource”: [

“arn:aws:connect:YOUR_REGION:YOUR_ACCOUNT_ID:instance/YOUR_INSTANCE_ID/user/${aws:userid}”

]

}

]

}

  1. After policy is created, go back to Create Role tab, reload the policy list, and select your new policy.
  2. Set a role name and description, then click Create Role
  3. Open the new role and copy the Role ARN into notepad. Switch to the trust relationships tab and copy the Provider ARN into notepad.

Step 4 Create User for Azure to pull Roles for Users

1 – Create Policy “List Roles”

2 – Create User with programmatic access and attach the policy with the Access and Secret Keys

3 – Send me the Provider ARN and Role ARN back to the Azure engineer along with the User and Access Keys where the balance of the configuration is completed

The Azure engineer will then complete the Provisioning section setting the mode to Auto

 

 

Comments are closed.

Ask DrVoIP

ask drvoip

Network Readiness Assessment

drvoip readiness checklist

Is your network Ready?

Complimentary free download - DrVoIP VoIP Network Readiness Assessment Checklist (pdf)

Download Now ›

Training Videos

shoretel ipbx cisco cusm
shoretel ecc audio voice prompts
cisco uccx call back option
generic call queue cc admin
   

statcounter



free
web stats


© Copyright DrVoIP.com 2020
Follow DrVoIP