Configure the IAM Identity Center authentication type - Amazon WorkSpaces Secure Browser

Configure the IAM Identity Center authentication type

For the IAM Identity Center type (advanced), you federate IAM Identity Center with your portal. Only select this option if the following applies to you:

  • Your IAM Identity Center is configured in the same AWS account and AWS Region as your web portal.

  • If you are using AWS Organizations, you are using a management account.

Before creating a web portal with the IAM Identity Center authentication type, you must either set up IAM Identity Center as a standalone provider (see Get started with common tasks in IAM Identity Center) or connect your SAML 2.0 IdP to IAM Identity Center (see Connect to an external identity provider). Otherwise, you won't have any users or groups to assign to your web portal.

If you are already using IAM Identity Center, you can choose IAM Identity Center as a provider type and follow the steps below to add, view, or remove users or groups from your web portal.

Note

In order to use this authentication type, your IAM Identity Center needs to be in the same AWS account and AWS Region as your WorkSpaces Secure Browser portal. If your IAM Identity Center is in a separate AWS account or AWS Region, follow the instructions for the Standard authentication type. For more information, see Configure the standard authentication type.

If you're using AWS Organizations, you can only create WorkSpaces Secure Browser portals integrated with IAM Identity Center using a management account.
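Both conditions can be verified before you start portal creation. The following is an added example, not code from AWS or from this guide: `check_prerequisites` and `fetch_facts` are hypothetical names, and the account IDs and instance ARN in the sample data are constructed.

```python
# Added example: pre-flight check for the IAM Identity Center authentication type.
# Function names are hypothetical; the sample account IDs and ARN are constructed.

MESSAGES = {
    "NO_LOCAL_INSTANCE": "No IAM Identity Center instance owned by this account in the "
                         "portal's Region; use the Standard authentication type.",
    "NOT_MANAGEMENT_ACCOUNT": "Account belongs to an organization but is not its "
                              "management account.",
}

def check_prerequisites(caller_account, instances, org_management_account):
    """Return a list of MESSAGES keys; an empty list means both conditions hold.

    instances: the "Instances" list from sso-admin ListInstances, called in the
               portal's Region.
    org_management_account: management account ID from DescribeOrganization,
               or None when the account is not in AWS Organizations.
    """
    problems = []
    if not any(i.get("OwnerAccountId") == caller_account for i in instances):
        problems.append("NO_LOCAL_INSTANCE")
    if org_management_account not in (None, caller_account):
        problems.append("NOT_MANAGEMENT_ACCOUNT")
    return problems

def fetch_facts(portal_region):
    """Collect the three inputs with boto3 (needs AWS credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    caller = boto3.client("sts", region_name=portal_region).get_caller_identity()["Account"]
    instances = boto3.client("sso-admin", region_name=portal_region).list_instances()["Instances"]
    try:
        org = boto3.client("organizations", region_name=portal_region).describe_organization()
        management = org["Organization"]["MasterAccountId"]
    except ClientError as err:
        if err.response["Error"]["Code"] != "AWSOrganizationsNotInUseException":
            raise
        management = None
    return caller, instances, management

# Constructed sample: an organization instance owned by the management account.
SAMPLE_INSTANCES = [{"InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE",
                     "OwnerAccountId": "111122223333"}]

if __name__ == "__main__":
    for account in ("111122223333", "444455556666"):
        for code in check_prerequisites(account, SAMPLE_INSTANCES, "111122223333") or ["OK"]:
            print(account, MESSAGES.get(code, code))
```

Against a real account, pass the result of `fetch_facts("<portal Region>")` to `check_prerequisites`; the calling principal needs permission for the three read-only API calls it makes.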

To create a web portal with IAM Identity Center
  1. During portal creation at Step 4: Configure identity provider, choose AWS IAM Identity Center.

  2. Choose Continue with IAM Identity Center.

  3. On the Assign users and groups page, choose the Users and/or Groups tab.

  4. Check the box next to the user(s) or group(s) that you want to add to the portal.

  5. After you create your portal, the users that you associated can sign in to WorkSpaces Secure Browser with their IAM Identity Center user name and password.

To manage your web portal with IAM Identity Center
  1. After you create your portal, it is listed in the IAM Identity Center console as a configured application.

  2. To access this application’s configuration, choose Applications in the sidebar, and look for a configured application with a name that matches the display name for your web portal.

    Note

    If you haven’t entered a display name, your portal’s GUID is shown instead. The GUID is the ID that is prefixed to your web portal’s endpoint URL.

To add additional users and groups to an existing web portal
  1. Open the WorkSpaces Secure Browser console at https://console.aws.amazon.com/workspaces-web/home?region=us-east-1#/.

  2. Choose WorkSpaces Secure Browser, Web portals, choose your web portal, and then choose Edit.

  3. Choose Identity provider settings and Assign additional users and groups. From here, you can add users and groups to your web portal.

    Note

    You can't add users or groups from the IAM Identity Center console. You must do this from the edit page of your WorkSpaces Secure Browser portal.

To view or remove users and groups for your web portal
  • You can view or remove user access to this application by using the actions available in the Assigned users table. For more information, see Manage access to applications.

    Note

    You can't view or remove users and groups from the edit page of the WorkSpaces Secure Browser portal. You must do this from the edit page of your IAM Identity Center console.