Update configuration using AWS AppConfig - Innovation Sandbox on AWS

In this step, you will collect several configuration values and use them in the authentication configuration section of the solution’s GlobalConfig in AWS AppConfig.

Save the IAM Identity Center application configuration values

  1. In the IAM Identity Center console in the account where IAM Identity Center is enabled, navigate to the custom SAML 2.0 application created in the Create a SAML 2.0 application section.

  2. On the custom application’s page, under Actions, choose Edit configuration. You do not need to edit anything; however, this page contains the authentication configuration values required by the solution.

  3. Save the following values to use in the next step:

    | Name | Description |
    | --- | --- |
    | IAM Identity Center sign-in URL | Sign-in URL for application authentication |
    | IAM Identity Center sign-out URL | Sign-out URL for redirecting to the access portal sign-out page |
    | IAM Identity Center Certificate | Certificate that should be downloaded |
    | Application SAML audience | SAML audience value that you specified when creating the application |

Save the IAM Identity Center access portal URL

The IAM Identity Center Access Portal URL is used to provide direct links to access sandbox accounts in the solution UI.

You can find this value on the Dashboard page of the IAM Identity Center console, in the account where IAM Identity Center is enabled. The Settings summary on that page lists the AWS access portal URL. Save this value.

Save the Web app URL

The Web App URL can be located in the Hub Account as an output on the Compute Stack in the AWS CloudFormation console. Go to CloudFormation > Stacks > YourISBComputeStackName and choose the Outputs tab. The Web App URL will be under the output key CloudFrontDistributionUrl.

Updating the global config

After you have collected all the necessary configuration values, you can update the solution’s global config with them.

  1. Go to the AWS AppConfig console in the Hub Account.

  2. From the left pane, choose Applications.

  3. On the Applications page, choose InnovationSandboxData-Config-Application-XXXXXXX. The Application details display.

  4. Under Configuration Profiles and Feature Flags, choose the InnovationSandboxData-Config-GlobalConfigHostedConfiguration-XXXXX configuration profile, and choose View details.

  5. Choose Create version to begin modifying the current configuration.

  6. Set maintenanceMode to false. This allows the manager and user personas to begin accessing the solution.

  7. In the auth section, copy in the corresponding values that you saved in the previous sections (Save the IAM Identity Center application configuration values, Save the IAM Identity Center access portal URL, Save the Web app URL).

     ```yaml
     ...
     # Authentication Configuration
     auth:
       idpSignInUrl: " "
       idpSignOutUrl: " "
       idpAudience: "isb"
       webAppUrl: " "
       awsAccessPortalUrl: " "
       sessionDurationInMinutes: 60
     ...
     ```

  8. Update the notification section. Enter a valid email address that can send email through the Amazon Simple Email Service (Amazon SES) setup from the prerequisites. If you have not completed this prerequisite step, automated email notifications will not be sent.

     ```yaml
     ...
     # Email Notification controls
     notification:
       emailFrom: " "
     ...
     ```

  9. Choose Create hosted configuration version.

  10. Choose Start Deployment, and choose the latest hosted configuration version you just created.

  11. Choose Start Deployment.

Note

When updating these configuration values, be mindful of the formatting, white space, and capitalization; otherwise, the solution may not function properly.
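The formatting, white space, and capitalization mistakes this note warns about can be caught before you start the deployment. The following check is an added example, not part of the solution's own code: it takes the GlobalConfig already parsed into a Python mapping and reports problems in the maintenanceMode, auth, and notification values. The function name, the sample values, and the rules that every URL is https and that emailFrom is a single address are assumptions.

```python
from urllib.parse import urlsplit

# Key names come from this page; the https and single-address rules are assumptions.
URL_KEYS = ("idpSignInUrl", "idpSignOutUrl", "webAppUrl", "awsAccessPortalUrl")
AUTH_KEYS = URL_KEYS + ("idpAudience", "sessionDurationInMinutes")


def check_global_config(cfg, expected_audience):
    """Return a list of problems in a parsed GlobalConfig mapping (empty if none)."""
    problems = []
    if cfg.get("maintenanceMode") is not False:
        problems.append("maintenanceMode: must be the boolean false")
    auth = cfg.get("auth") or {}
    for key in auth:  # capitalization: idpSignInURL is a different key
        near = [k for k in AUTH_KEYS if k != key and k.lower() == key.lower()]
        if near:
            problems.append(f"auth.{key}: wrong capitalization, expected {near[0]}")
    for key in URL_KEYS:
        value = auth.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"auth.{key}: missing or blank")
        elif any(ch.isspace() for ch in value):
            problems.append(f"auth.{key}: contains white space")
        elif urlsplit(value).scheme != "https" or not urlsplit(value).hostname:
            problems.append(f"auth.{key}: not an absolute https URL")
    if auth.get("idpAudience") != expected_audience:
        problems.append("auth.idpAudience: differs from the application SAML audience")
    minutes = auth.get("sessionDurationInMinutes")
    if type(minutes) is not int or minutes <= 0:
        problems.append("auth.sessionDurationInMinutes: must be a positive integer")
    sender = (cfg.get("notification") or {}).get("emailFrom")
    if not isinstance(sender, str) or any(c.isspace() for c in sender) \
            or sender.count("@") != 1 or sender.startswith("@") or sender.endswith("@"):
        problems.append("notification.emailFrom: expected a single email address")
    return problems


# Constructed sample values; example.com stands in for the real URLs.
SAMPLE = {
    "maintenanceMode": False,
    "auth": {
        "idpSignInUrl": "https://idp.example.com/saml/sign-in",
        "idpSignOutUrl": "https://idp.example.com/saml/sign-out",
        "idpAudience": "isb",
        "webAppUrl": "https://app.example.com",
        "awsAccessPortalUrl": "https://portal.example.com/start",
        "sessionDurationInMinutes": 60,
    },
    "notification": {"emailFrom": "sandbox-noreply@example.com"},
}
```

To use it on the real configuration, load the YAML text with a parser such as PyYAML's `yaml.safe_load` and pass the result together with the SAML audience you saved earlier.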