In your DualShield server, you need to create an SSO service provider for AWS.

Navigate to "SSO | Service Providers" and click the "Create" button on the toolbar:

Fill in all fields as shown above. Download the Metadata from the link below:

https://signin.aws.amazon.com/static/saml-metadata.xml

Now, click the "Edit" button next to the "Attributes..." field. You need to create the two attributes that AWS requires.

Both of the following attributes are essential.

The Name value of the first attribute is https://aws.amazon.com/SAML/Attributes/RoleSessionName

The Name value of the second attribute is https://aws.amazon.com/SAML/Attributes/Role

In the script edit box, enter the text below:

"arn:aws:iam::226196376180:saml-provider/DualShield,arn:aws:iam::226196376180:role/"+AWSRole

The first part, "arn:aws:iam::226196376180:saml-provider/DualShield" is the ARN of the Identity Provider created in AWS. See below:

The second part, "arn:aws:iam::226196376180:role/"+AWSRole, is the ARN of the user's role. AWSRole is a user identity attribute mapped to an AD attribute that defines the user's role in AWS.

Finally, click Save to save it.
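Because the Role value is assembled from an AD attribute, an empty or malformed AWSRole produces an attribute that AWS cannot use. The following check is an added example, not part of DualShield or AWS; the function names are hypothetical, the sample AWSRole values are constructed, and the pattern is deliberately stricter than IAM naming rules (no role paths, no commas).

```python
import re

# Constructed check, not DualShield or AWS code. Deliberately stricter than
# IAM itself: no role paths and no commas in names, so the value always
# splits into exactly two ARNs.
ACCOUNT = "226196376180"   # account ID used on this page
PROVIDER = "DualShield"    # identity provider name used on this page

PROVIDER_ARN = re.compile(
    r"arn:aws:iam::(\d{12}):saml-provider/([\w+=.@-]{1,128})", re.ASCII)
ROLE_ARN = re.compile(
    r"arn:aws:iam::(\d{12}):role/([\w+=.@-]{1,64})", re.ASCII)


def build_role_attribute(aws_role):
    """Mirror the page's script expression for a given AWSRole value."""
    return (f"arn:aws:iam::{ACCOUNT}:saml-provider/{PROVIDER},"
            f"arn:aws:iam::{ACCOUNT}:role/" + aws_role)


def check_role_attribute(value):
    """Return a list of problems in one Role attribute value (empty = OK)."""
    parts = value.split(",")
    if len(parts) != 2:
        return [f"expected 2 comma-separated ARNs, got {len(parts)}"]
    problems = []
    provider = PROVIDER_ARN.fullmatch(parts[0])
    role = ROLE_ARN.fullmatch(parts[1])
    if not provider:
        problems.append("first part is not a saml-provider ARN")
    elif provider.groups() != (ACCOUNT, PROVIDER):
        problems.append("provider ARN does not match the expected IdP")
    if not role:
        problems.append("second part is not a plain role ARN")
    elif role.group(1) != ACCOUNT:
        problems.append("role is in a different account than the IdP")
    return problems


if __name__ == "__main__":
    # Constructed AWSRole values as they might arrive from the AD attribute.
    for sample in ["ReadOnly", "", "ops/Deploy", "ReadOnly "]:
        result = check_role_attribute(build_role_attribute(sample))
        print(repr(sample), "->", result or "OK")
```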