Configuring Duo for AWS


#1

Is it possible to use Duo with AWS without AWS SSO? For example, with AD FS?

Thank you


#2

Yes, you can use AD FS as the IdP for AWS, and install the Duo MFA plugin for AD FS.


#3

Kristina,

If this is true, the Duo documentation is really confusing because the link you gave me asks to install AWS SSO:

Microsoft AD FS

Microsoft’s Active Directory Federation Services (AD FS) is a popular choice for SSO because it easily integrates with the AD identity store many organizations already have deployed. Duo’s support for cloud applications and SSO drops in to an existing AD FS installation to provide secondary authentication after a user passes primary authentication (successful Active Directory logon).

[snip]
Once your AD FS services are up and running, the second step is to configure the SSO partnership between your AD FS service and the external cloud resource, in this case AWS. Learn more about configuring AWS SSO with AD FS at the [Amazon AWS blog].
[snip]

Which is true, the Duo documentation or you?

Thanks for your help


#4

There is “AWS SSO”, a named product from Amazon, and “AWS SSO”, the concept of signing in to AWS using single sign-on. In the linked documentation we mean the latter, using AD FS to provide SSO to AWS.

Try clicking through to the blog post https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/ for more information.

I hope that clears it up.


#5

It does, thank you. Using the same name for 2 different things confused me 🙂


#6

I get that. We put our doc up before the “AWS SSO” product existed, but I’ll make sure to get that wording updated on our side.