RAC/M Identity

English

Français

English

Français

toggle dark mode

On this page

AWS IAM Identity Center

The AWS IAM Identity Center connector enables data to be synchronized between AWS IAM Identity Center and RAC/M Identity.

Configuration

The following parameters are required:

ConfigurationDescription
RegionAWS region in which the Identity Center IAM service is deployed.
IAM Identity Store IdIdentity Store identifier.
IAM Identity Store ARNIdentity Store RNA identifier.
Access Key IdAccess key identifier (see point 8 below)
Secret Access KeyAccess key and secret access key.

How to create AWS Access Keys

  1. Create a new IAM policy
json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "identitystore:IsMemberInGroups",
                "identitystore:ListGroupMemberships",
                "identitystore:DescribeUser",
                "identitystore:GetGroupMembershipId",
                "identitystore:ListUsers",
                "identitystore:ListGroupMembershipsForMember",
                "identitystore:GetGroupId",
                "organizations:ListAccounts",
                "identitystore:DeleteUser",
                "identitystore:DescribeGroupMembership",
                "identitystore:DescribeGroup",
                "identitystore:CreateUser",
                "identitystore:ListGroups",
                "identitystore:GetUserId"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "sso:ListAccountAssignments",
                "sso:ListPermissionSets",
                "sso:CreateAccountAssignment",
                "sso:ListPermissionSetsProvisionedToAccount",
                "sso:DeleteAccountAssignment",
                "sso:DescribePermissionSet"
            ],
            "Resource": [
                "arn:aws:sso:::instance/*",
                "arn:aws:sso:::permissionSet/*/*",
                "arn:aws:sso:::account/*"
            ]
        }
    ]
}

  1. Go in the user section and click on Create userCréation d'un user agent

    Enter a name and click on NextCréation d'un user agent

  2. Create a new policy Création d'un user agent

    Assign to it the policy created in step 1 Attribuer policy Click on Next

    Enter a Policy name and an optional Description for the policy Attribuer policy Click on Create policy.

  3. Validate the user before the creation and click on Create userValider

  4. Create the key pair by clicking on Create access key. Création des clés

    Select Application running outside AWS and click Next. Création des clés

    Enter a description for the key and click on Create access key. Création des clés

  5. Downlaod the csv key file with the Download .csv file and click on Done. Création des clés

    Your key configuration is now complete Création des clés

  6. Your AWS user configuration is complete

Copyright ©2011-2023 Okiok Data Ltd, All rights reserved.