User Directory Setup - Amazon Monitron

User Directory Setup

Amazon Monitron uses AWS Single Sign-On (AWS SSO) to manage user access. Users are added from this AWS SSO user directory.

When you create a project, Amazon Monitron automatically detects whether AWS SSO has been enabled and configured on your account and whether all prerequisites for using AWS SSO with Amazon Monitron are satisfied. If not, Amazon Monitron produces an error and provides a list of prerequisites that are needed. You must meet all prerequisites before you can add Admin users. For more information about enabling and configuring AWS SSO for your organization, see AWS Single Sign-On.

How you add an Admin user depends on how AWS SSO has been set up for your organization.

Adding Admin Users Using the Native AWS SSO Directory

The simplest way to add Admin users to your project is by using the AWS SSO native directory. You can do this by starting with Amazon Monitron and letting it configure AWS SSO at a basic level for you. You can also set up AWS SSO before using Amazon Monitron and set it to use the native directory. Either way, you can add users manually, without potentially exposing user identity information beyond name and email to other Admin users.

To add an Admin user when using the native AWS SSO directory

  1. Open the Amazon Monitron console at https://console.aws.amazon.com/monitron.

  2. Choose Create Project.

  3. In the navigation pane, choose the project you want.

  4. On the Users page, choose the users that you want to assign as Admin users. If you can't see a user, search for them.

    The users you choose are displayed in the Selected users section.

  5. If the user you want isn't in the directory, choose Create user to add the user.

    1. Under Create a user, for Email, enter the new Admin user's email address.

    2. For First name and Last name, enter the admin's name.

    3. Choose Create User.

  6. When the user's name appears in the directory list, choose Add to add the Admin users you've selected.

  7. Email the Admin users an invitation to the project that includes a link to download the Amazon Monitron mobile app. For more information, see Sending an Email Invitation.

    Amazon Monitron takes you to the project page for your project, where it lists all Admin users.

  8. To add additional Admin users, choose Add Admin.

    Any Admin user can add other users using the Amazon Monitron mobile app. For more information, see Adding a User in the Amazon Monitron User Guide.

Adding Admin Users Using Microsoft Active Directory

If you use Microsoft Active Directory (AD) for your organization's primary user directory, you can configure AWS SSO to use it. AWS SSO enables you to connect your self-managed Active Directory or your AWS Managed Microsoft AD directory using AWS Directory Service. This Microsoft AD directory provides you with the pool of identities that you can pull from when using the Amazon Monitron console (or Amazon Monitron mobile app) to assign user roles.

All Amazon Monitron Admin users have access to identity information in the user directory that is configured in AWS SSO for Amazon Monitron. We strongly recommend using an isolated directory if you want to limit access to user organization information.

To add an Admin user using Microsoft Active Directory

  1. Configure AWS SSO to connect with your Microsoft Active Directory. The steps involved in this differ depending on whether you're using a self-managed Active Directory or an AWS Managed Microsoft AD directory. For more information, see Connect to Microsoft AD Directory.

  2. Open the Amazon Monitron console at https://console.aws.amazon.com/monitron.

  3. Choose Create Project.

  4. In the navigation pane, choose the project you want.

  5. For Active directory domain, choose the directory domain from which you want to add identities.

  6. Choose Users or Groups, depending on how you want to search the user directory.

  7. Enter a string in the search box to find the identity you want to add and then choose Search.

    To limit the number of users returned, enter a longer string in the search box. For example, if you enter "olg" in the search box, the list returns all users with the letters "olg" in their names, such as "Olga Kurth" and "Jamie Folgman."

  8. Choose the users you want to assign as Admin users.

  9. Choose Add to add the Admin users.

Adding Admin Users Using an External ID Provider

If you're using an external identity provider (IdP), you can configure AWS SSO to use that provider through the Security Assertion Markup Language (SAML) 2.0 standard. This provides you with the pool of identities in your IdP directory. You can pull from this pool when using the Amazon Monitron console (or Amazon Monitron mobile app) and assign those identities as Admin users. This also enables your users to sign in to Amazon Monitron with their corporate credentials.

All Amazon Monitron Admin users have access to identity information in the user directory that is configured in AWS SSO for Amazon Monitron. We strongly recommend using an isolated directory if you want to limit access to user organization information.

To add an Admin user using an external ID provider (IdP)

  1. Configure AWS SSO to connect with your external IdP. The steps involved in this differ based on the provider you're using. For more information, see Connect to Your External ID Provider.

  2. Open the Amazon Monitron console at https://console.aws.amazon.com/monitron.

  3. Choose Create Project.

  4. In the navigation pane, choose the project you want.

  5. On the Users page, choose the users that you want to assign as Admin users. If you can't see a user, search for them.

  6. Choose Add to add the Admin users.
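The Microsoft AD and external IdP sections both recommend an isolated directory because Admin users can see identity information in the connected directory. The following added example (not part of the original documentation or of Amazon Monitron) reports which users carry populated attributes beyond name and email, as input for that decision. It assumes the input is JSON shaped like the output of `aws identitystore list-users`; the sample data, the `BASELINE` set, and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws identitystore list-users` output
# (not real data).
SAMPLE = json.loads("""
{"Users": [
  {"UserName": "okurth", "UserId": "u-0001",
   "Name": {"GivenName": "Olga", "FamilyName": "Kurth"},
   "Emails": [{"Value": "okurth@example.com", "Primary": true}],
   "Title": "Plant Manager",
   "PhoneNumbers": [{"Value": "+1-555-0100", "Type": "work"}]},
  {"UserName": "jfolgman", "UserId": "u-0002",
   "Name": {"GivenName": "Jamie", "FamilyName": "Folgman"},
   "Emails": [{"Value": "jfolgman@example.com", "Primary": true}]}
]}
""")

# Assumption: name and email (plus record identifiers) are the baseline
# the page describes; anything else populated counts as extra exposure.
BASELINE = {"UserName", "UserId", "IdentityStoreId",
            "Name", "DisplayName", "Emails"}
EMPTY = (None, "", [], {})

def extra_attributes(user):
    """Return sorted populated top-level attributes beyond the baseline."""
    return sorted(k for k, v in user.items()
                  if k not in BASELINE and v not in EMPTY)

def audit(listing):
    """Map each UserName to its extra attributes; omit users with none."""
    report = {}
    for user in listing.get("Users", []):
        extras = extra_attributes(user)
        if extras:
            report[user.get("UserName", user.get("UserId", "?"))] = extras
    return report

def summary(listing):
    """Count how many users carry each extra attribute."""
    counts = {}
    for extras in audit(listing).values():
        for attr in extras:
            counts[attr] = counts.get(attr, 0) + 1
    return counts

if __name__ == "__main__":
    for name, extras in audit(SAMPLE).items():
        print(f"{name}: {', '.join(extras)}")
    print(summary(SAMPLE))
```

An empty report means the directory holds only names and emails; a long one is a signal to consider the isolated directory the page recommends.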