
Amazon Web Services

Configuring Key9 Identity SAML SSO with AWS


Last updated 4 months ago

Setting up Amazon Web Services requires two extra parameters: Role and RoleSessionName.

You can connect these parameters now if you have the fields configured, or set them later.

The RoleSessionName is typically mapped to the user's email address.

Configuring SAML SSO for AWS

You will need Admin access to your AWS Console.

  1. Sign in to your AWS Console.

  2. Navigate to the IAM Dashboard (Identity and Access Management).

  3. In the IAM Dashboard, navigate to Access Management > Identity Providers.

  4. Click Add provider.

  5. In the Configure provider section, select SAML as the Provider type and enter Key9-Identity as the Provider name.

  6. For the Metadata document, download the SAML Metadata file from the side navigation of your Key9 application, then click Choose file and upload the metadata file.

  7. Then click Add provider.

  8. Copy the ARN displayed. (You will need this later when configuring access.)

  9. If you haven't yet, you will need to create a Role that will be assigned to the Key9 Identity provider.

  10. Click the Assign role button, then select whether you will Create a new role or Use an existing role, and follow the AWS docs.

  11. Once you have one or more Roles assigned to Key9 Identity, copy the ARN displayed for each role. (You will need this later when configuring access.)

  12. When assigning a role to a user, the value will consist of the AWS ARN role and the AWS ARN provider, separated with a comma.

An example of a role would be: arn:aws:iam::123456789000:role/RoleNameHere,arn:aws:iam::123456789000:saml-provider/Key9-Identity
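A mistyped Role value or an unusable RoleSessionName typically only shows up as a failed sign-in, so it helps to check both before assigning them. The following is an added example, not Key9 or AWS code: the function names are hypothetical, and it assumes the role and provider sit in the same account (as in the steps above) and that the provider is named Key9-Identity as in step 5.

```python
import re

# Shared ARN prefix: partition and 12-digit account ID are captured.
_PREFIX = r"arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):"
ROLE_RE = re.compile(_PREFIX + r"role/[\w+=,.@/-]+", re.ASCII)
PROVIDER_RE = re.compile(_PREFIX + r"saml-provider/([\w.-]+)", re.ASCII)
# AWS accepts 2-64 characters from this set for RoleSessionName (no spaces).
SESSION_RE = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)


def check_role_value(value, provider_name="Key9-Identity"):
    """Return a list of problems found in a 'role ARN,provider ARN' value."""
    # Split only at a comma that begins the next ARN: role names may contain commas.
    parts = [p.strip() for p in re.split(r",(?=\s*arn:)", value.strip())]
    if len(parts) != 2:
        return ["expected two ARNs separated by one comma"]
    role, prov = ROLE_RE.fullmatch(parts[0]), PROVIDER_RE.fullmatch(parts[1])
    if ROLE_RE.fullmatch(parts[1]) and PROVIDER_RE.fullmatch(parts[0]):
        return ["ARNs are swapped: role ARN goes first, provider ARN second"]
    problems = []
    if not role:
        problems.append("first part is not an IAM role ARN")
    if not prov:
        problems.append("second part is not a SAML provider ARN")
    if role and prov:
        # Assumption: role and provider live in the same account, as in the steps above.
        if role.groups() != prov.groups()[:2]:
            problems.append("partition or account ID differs between the two ARNs")
        if prov.group(3) != provider_name:
            problems.append(f"provider name is not {provider_name}")
    return problems


def check_session_name(name):
    """True if the value is usable as RoleSessionName."""
    return SESSION_RE.fullmatch(name) is not None
```

An empty list from `check_role_value` means the value has the shape shown in the example above; it does not confirm that the role or provider actually exists in the account.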

-------------------

By default, applications are not active upon creation. Active applications are immediately available to assign groups. Applications should only be activated when you have configured the Service Provider (SP).

AWS documentation can be found here.
Please refer to the AWS docs for creating a Role.