Enable Single Sign On (SSO)

After completing the Account Structure instructions, follow the steps below to configure SSO.

Configure SSO

You will create an AWS Organization with the management account.

  1. Log in to the AWS console as an IAM user with the required permissions, start typing SSO into the Find Services box, and click AWS Single Sign-On: Images/home_sso.png

  2. Click Enable AWS SSO: Images/sso_enable.png

  3. Select Groups: Images/ssodashboard_groups.png

  4. Click Create group: Images/ssogroups_create.png

  5. Enter a Group name of Cost_Optimization and a description, click Create group: Images/ssogroup_details.png

  6. Click Users: Images/ssodashboard_users.png

  7. Click Add user: Images/ssouser_adduser.png

  8. Enter the following details:

  • Username
  • Password -
  • Email address
  • First name
  • Last name
  • Display name
  • Configure the optional fields as required, then click Next: Images/ssouser_detail.png

  9. Select the Cost_Optimization group and click Next: Images/ssouser_group.png

  10. Review user details and click Add User: Images/ssouser_addusersubmit.png

  11. The user will receive an email with a link to Accept invitation, the Portal URL and their Username: Images/ssouser_email.png

  12. When the user goes to the portal, they will enter a Password and click Set new password: Images/ssouser_login.png

  13. Enter the new SSO Username and Password, then click Sign In: Images/ssouser_activate.png

Users will not have permissions until you complete the rest of this step. A management permission set and a member permission set will be created.

  1. Create the management permission set. Click on Permission sets, and click Create permission set: Images/ssoaccount_createpermission.png

  2. Select Custom permission set and click Next: Images/ssouser_permission.png

  3. Select Inline Policy. Use the policy below as a starting point, modify it to your requirements and paste it in the policy field, click Next.

You MUST work with your security team/specialist to ensure you create the policies in line with least privilege for your organization.

Click here for Custom permissions policy
Images/ssouser_inlinepolicy.png

  4. Enter a Permission set name of management_CostOptimization, enter a Description, set the Session duration, click Next: Images/ssouser_permissionsetdetails.png

  5. Review and Create the custom permissions policy: Images/ssopermissionset_create.png

  6. Create the member permission set. Click on Permission sets, and click Create permission set: Images/ssoaccount_createpermission.png

  7. Select Custom permission set and click Next: Images/ssouser_permission.png

  8. Select Inline Policy. Use the policy below as a starting point, replace (management CUR bucket) and (Cost Optimization Member Account ID), then click Next.

You MUST work with your security team/specialist to ensure you create the policies in line with least privilege for your organization.

Click here for Custom permissions policy
Images/ssouser_inlinepolicy.png

  9. Enter a Permission set name of member_CostOptimization, enter a Description, set the Session duration, click Next: Images/ssouser_memberpermissionsetdetails.png

  10. Review and Create the custom permissions policy: Images/ssopermissionset_create.png

  11. Set up the Cost Optimization management account. Click AWS accounts, select the management account, click Assign users or groups: Images/ssoaccount_organizationusers.png

  12. Select Groups, select the Cost_Optimization group, click Next: Images/ssoaccount_groups.png

  13. Select the management_CostOptimization Permission set, click Next: Images/ssoaccount_grouppermission.png

  14. Review and Submit: Images/ssoaccount_permissionsubmit.png

  15. Verify the account was updated with the permission set: Images/ssoaccount_success.png

  16. Set up the Cost Optimization member account. Click AWS accounts, select the member account, click Assign users or groups: Images/ssoaccount_memberorganizationusers.png

  17. Select Groups, select the Cost_Optimization group, click Next: Images/ssoaccount_groups.png

  18. Select the member_CostOptimization Permission set, click Next: Images/ssoaccount_membergroups.png

  19. Review and Submit: Images/ssoaccount_memberpermissionsubmit.png

  20. Verify the account was updated with the permission set: Images/ssoaccount_success.png

You have now set up your Cost Optimization users, group and their permissions.