Device-based trust providers - AWS Verified Access

Device-based trust providers

AWS Verified Access can use a device trust provider to evaluate the device that a request comes from, in addition to the user's identity. You can attach one or more device trust providers to a Verified Access instance.

Supported device trust providers

The following device trust providers can be integrated with Verified Access: Jamf, CrowdStrike, and JumpCloud.

Create a device-based trust provider

Follow these steps to create and configure a device trust provider to use with Verified Access.

To create a Verified Access device trust provider (AWS console)
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Verified Access trust providers, and then Create Verified Access trust provider.

  3. (Optional) For Name tag and Description, enter a name and description for the trust provider.

  4. For Policy reference name, enter the identifier that you will use to refer to this trust provider in policy rules.

  5. For Trust provider type, select Device identity.

  6. For Device identity type, choose Jamf, CrowdStrike, or JumpCloud.

  7. For Tenant ID, enter the identifier of the tenant application.

  8. (Optional) For Public signing key URL, enter the key URL shared by your device trust provider. Verified Access uses this key to verify the authenticity of the device tokens it receives. (This parameter is not required for Jamf, CrowdStrike, or JumpCloud.)

  9. Choose Create Verified Access trust provider.

Note

You must add a redirect URI to your OIDC provider's allowlist. Use the DeviceValidationDomain of the Verified Access endpoint, which is shown on the Details tab of the endpoint in the AWS Management Console and is returned when you describe the endpoint with the AWS CLI. Add the following URI to your OIDC provider's allowlist: https://DeviceValidationDomain/oauth2/idpresponse

To create a Verified Access device trust provider (AWS CLI)
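The following script is an added example, not part of the AWS documentation, showing the CLI equivalent of the console steps above: it validates the device identity type and policy reference name, creates the trust provider with `aws ec2 create-verified-access-trust-provider`, and then reads the endpoint's DeviceValidationDomain with `describe-verified-access-endpoints` to print the redirect URI that must be allowlisted at the OIDC provider. The tenant and endpoint identifiers are placeholders, the `DRY_RUN` switch is this script's own convention (it prints the AWS commands instead of running them), and the alphanumeric restriction on the policy reference name is an assumption made because the name is later used as a Cedar context key.

```shell
#!/bin/sh
# Added example: create a Verified Access device trust provider with the AWS CLI.
# All identifiers below are placeholders; override them in the environment.
set -eu

DEVICE_TYPE="${DEVICE_TYPE:-jamf}"                             # jamf | crowdstrike | jumpcloud
POLICY_REF="${POLICY_REF:-jamfdevice}"                         # referenced in policy as context.jamfdevice
TENANT_ID="${TENANT_ID:-00000000-0000-0000-0000-000000000000}" # placeholder tenant identifier
PUBLIC_KEY_URL="${PUBLIC_KEY_URL:-}"                           # optional for all three types
ENDPOINT_ID="${ENDPOINT_ID:-vae-0123456789abcdef0}"            # placeholder endpoint identifier
DRY_RUN="${DRY_RUN:-1}"                                        # 1 = print commands, 0 = call AWS

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf 'DRY RUN: %s\n' "$*"; else "$@"; fi
}

# Accept only the three device identity types that Verified Access supports.
valid_device_type() {
  case "$1" in
    jamf|crowdstrike|jumpcloud) return 0 ;;
    *) return 1 ;;
  esac
}

# Assumed restriction: the reference name becomes a policy context key, so keep it alphanumeric.
valid_policy_ref() {
  case "$1" in
    *[!A-Za-z0-9]*|"") return 1 ;;
    *) return 0 ;;
  esac
}

# Build the --device-options shorthand; PublicSigningKeyUrl is appended only when given.
device_options() {
  if [ -n "${2:-}" ]; then
    printf 'TenantId=%s,PublicSigningKeyUrl=%s' "$1" "$2"
  else
    printf 'TenantId=%s' "$1"
  fi
}

# Redirect URI to add to the OIDC provider's allowlist, built from the DeviceValidationDomain.
redirect_uri() {
  printf 'https://%s/oauth2/idpresponse' "$1"
}

main() {
  valid_device_type "$DEVICE_TYPE" || { echo "unsupported device type: $DEVICE_TYPE" >&2; return 1; }
  valid_policy_ref "$POLICY_REF"   || { echo "policy reference name must be alphanumeric: $POLICY_REF" >&2; return 1; }

  run aws ec2 create-verified-access-trust-provider \
    --trust-provider-type device \
    --device-trust-provider-type "$DEVICE_TYPE" \
    --policy-reference-name "$POLICY_REF" \
    --device-options "$(device_options "$TENANT_ID" "$PUBLIC_KEY_URL")" \
    --description "Device trust provider ($DEVICE_TYPE)"

  if [ "$DRY_RUN" = 1 ]; then
    echo "Allowlist at the OIDC provider: $(redirect_uri "<DeviceValidationDomain of $ENDPOINT_ID>")"
    return 0
  fi
  # Read the endpoint's DeviceValidationDomain and print the URI to allowlist at the OIDC provider.
  domain=$(aws ec2 describe-verified-access-endpoints \
    --verified-access-endpoint-ids "$ENDPOINT_ID" \
    --query 'VerifiedAccessEndpoints[0].DeviceValidationDomain' --output text)
  echo "Allowlist at the OIDC provider: $(redirect_uri "$domain")"
}

main
```

Run it with `DRY_RUN=0 DEVICE_TYPE=crowdstrike TENANT_ID=<your tenant> ENDPOINT_ID=<your endpoint> sh create-device-tp.sh` once the placeholders are replaced; the endpoint lookup only makes sense after the endpoint exists, so for a new deployment run the script again after the endpoint is created to obtain the redirect URI.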

Modify a device-based trust provider

After you create a trust provider, you can update its configuration.

To modify a Verified Access device trust provider (AWS console)
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Verified Access trust providers.

  3. Select the trust provider.

  4. Choose Actions, then select Modify Verified Access trust provider.

  5. Modify the description as needed.

  6. (Optional) For Public signing key URL, modify the key URL shared by your device trust provider. (This parameter is not required if your device trust provider is Jamf, CrowdStrike, or JumpCloud.)

  7. Choose Modify Verified Access trust provider.

To modify a Verified Access device trust provider (AWS CLI)

Delete a device-based trust provider

When you are finished with a trust provider, you can delete it.

To delete a Verified Access device trust provider (AWS console)
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Verified Access trust providers.

  3. Under Verified Access trust providers, select the trust provider that you want to delete.

  4. Choose Actions, then select Delete Verified Access trust provider.

  5. When prompted for confirmation, enter delete, and then choose Delete.

To delete a Verified Access device trust provider (AWS CLI)
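The following script is an added example, not part of the AWS documentation, covering both CLI procedures above (modify and delete). It checks that the identifier has the vatp- prefix before calling the API, updates the description and, if supplied, the public signing key URL with `aws ec2 modify-verified-access-trust-provider`, and before deleting it looks up any Verified Access instances that still reference the provider and detaches it from each one, because the delete call fails while the provider is attached. The trust provider identifier is a placeholder and the `DRY_RUN` switch is this script's own convention for printing the AWS commands instead of running them.

```shell
#!/bin/sh
# Added example: modify or delete a Verified Access device trust provider with the AWS CLI.
# The identifier below is a placeholder; override it in the environment.
set -eu

TRUST_PROVIDER_ID="${TRUST_PROVIDER_ID:-vatp-0123456789abcdef0}"   # placeholder
NEW_DESCRIPTION="${NEW_DESCRIPTION:-Jamf device trust provider}"
PUBLIC_KEY_URL="${PUBLIC_KEY_URL:-}"   # optional; leave empty to keep the current value
ACTION="${ACTION:-modify}"             # modify | delete
DRY_RUN="${DRY_RUN:-1}"                # 1 = print commands, 0 = call AWS

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf 'DRY RUN: %s\n' "$*"; else "$@"; fi
}

# Trust provider identifiers carry the vatp- prefix; refuse anything else before calling the API.
is_trust_provider_id() {
  case "$1" in
    vatp-[0-9a-f]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Identifiers of instances that still reference the provider (empty in dry run, where no query is made).
attached_instances() {
  if [ "$DRY_RUN" = 1 ]; then return 0; fi
  aws ec2 describe-verified-access-instances \
    --query "VerifiedAccessInstances[?VerifiedAccessTrustProviders[?VerifiedAccessTrustProviderId=='$1']].VerifiedAccessInstanceId" \
    --output text
}

# Update the description and, only when a URL was supplied, the public signing key URL.
modify_provider() {
  if [ -n "$PUBLIC_KEY_URL" ]; then
    run aws ec2 modify-verified-access-trust-provider \
      --verified-access-trust-provider-id "$1" \
      --description "$NEW_DESCRIPTION" \
      --device-options "PublicSigningKeyUrl=$PUBLIC_KEY_URL"
  else
    run aws ec2 modify-verified-access-trust-provider \
      --verified-access-trust-provider-id "$1" \
      --description "$NEW_DESCRIPTION"
  fi
}

# Detach from every instance that still references the provider, then delete it.
delete_provider() {
  for inst in $(attached_instances "$1"); do
    echo "detaching $1 from $inst before deletion" >&2
    run aws ec2 detach-verified-access-trust-provider \
      --verified-access-instance-id "$inst" \
      --verified-access-trust-provider-id "$1"
  done
  run aws ec2 delete-verified-access-trust-provider \
    --verified-access-trust-provider-id "$1"
}

main() {
  is_trust_provider_id "$TRUST_PROVIDER_ID" || { echo "not a trust provider id: $TRUST_PROVIDER_ID" >&2; return 1; }
  case "$ACTION" in
    modify) modify_provider "$TRUST_PROVIDER_ID" ;;
    delete) delete_provider "$TRUST_PROVIDER_ID" ;;
    *) echo "ACTION must be modify or delete" >&2; return 1 ;;
  esac
}

main
```

Detaching a provider from an instance removes its claims from policy evaluation for every endpoint on that instance, so run the delete path only after any policy that references the provider's policy reference name has been updated.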