Opal + AWS SSO / IAM Identity Center

Opal + AWS SSO / IAM Identity Center Use cases

Protect against breaches with least privilege

  • Grant just-in-time, auto-expiring, and fully audited access to permission sets and groups using Slack
  • Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more

Accelerate employee access on paved roads

  • Enable resource owners with the most context to approve access requests and provision access automatically via Slack
  • Accelerate employee onboarding by enabling managers to request on behalf of their reports or enabling self-service discovery of resource bundles
  • Automate on-call access by provisioning and deprovisioning access via on-call schedules

Simplify compliance without manual overhead

  • Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report
  • Review access of employees who have recently transferred roles or departments

Native engineering workflows

To support native developer workflows, Opal has:

  • An easy way for developers to start sessions via the web or CLI

AWS SSO / IAM Identity Center Overview

AWS IAM Identity Center (successor to AWS Single Sign-On) helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type.

Opal + AWS SSO / IAM Identity Center Integration Overview

Opal's management plane allows you to take control of your permission sets by providing seamless assignment of permission sets to users or groups, and just-in-time access workflows, helping eliminate long-standing access to sensitive permission sets. Additionally, with AWS IAM Identity Center’s authorization scheme, Opal is only allowed to provision access to users in your IAM Identity Center instance, keeping your AWS infrastructure secure even if Opal were to experience a security breach.

For more information, we have written a multi-account AWS deployment guide.

AWS SSO / IAM Identity Center Integration Setup

Setting up AWS is easy and Opal can import all AWS resources in minutes.
