Byon July 29, 2019
Single Sign-on (SSO) is an integral part of most organizations identity management strategy today. The average employee accesses several Software as a Service (SaaS) services a day. Without SSO, users must create (and more importantly continuously manage), passwords or credentials for each SaaS app that they access, adding overhead and increasing the likelihood of security issues. At the same time, users now expect to access SaaS apps from different devices and locations, whether in the office, at home, or in public areas. Administrators, therefore, have to balance security and convenience. With SSO, users have one set of organization credentials that they use for one-click access to SaaS applications on various devices including mobile. SSO eliminates the use of simple passwords that present a security risk, while also reducing helpdesk costs of managing passwords.
This blog post will introduce Amazon Business SSO, explain its key features and benefits, and describe how to get started. To learn more about Amazon Business SSO, visit our page here.
SSO provides your employees secure, centralized, and simple access to Amazon Business
SSO integration provides a secure, centralized, and simple way to access Amazon Business, and is available to all Amazon Business customers. With SSO, you can enable federated SSO authentication using Security Assertion Markup Language (SAML) 2.0 with identity providers, so that your users can use existing organization credentials. This raises the security bar by removing the need to create and manage new credentials, simplifying onboarding friction for new users, centralizing the authentication process, and reducing the overhead of managing user access, while providing your employees a seamless purchasing experience.
Customers add employees to purchase on Amazon Business by inviting users, who then receive invitation emails to complete a user registration process. However, for organizations with a large number of employees, tracking invitations and following up with employees to complete the registration process is sometimes cumbersome. In addition, customers who already have SSO implementations don’t want their users to have additional credentials to access Amazon Business. IT security policies sometimes mandate SSO access to apps, and customers want to set up SSO to provide a secure, centralized, and consistent experience for their employees.
Amazon Business’ SSO integration allows you to set up SSO with a variety of identity providers such as Okta, OneLogin, Microsoft Azure AD, Microsoft ADFS, AWS SSO, OpenAM, and Shibboleth using SAML 2.0. The key benefits of this feature are:
Getting started with Amazon Business SSO
There are two ways to get started:
There are three steps to setting up SSO - 1) Setting up the pre-configured Amazon Business app on Okta; 2) Providing your Okta metadata and attribute mapping information to Amazon Business; 3) Testing your SSO connection and activating it for your business account.
Note: SSO is set up for your business account. Hence, before getting started, make sure you are the Administrator of your business account. Also, keep your IT team on standby for any information you may need.
Step 1: Set up the Amazon Business application on Okta: Navigate to your Okta Admin portal and choose “Add Apps” and search for and add Amazon Business, as shown below.
Download the metadata file from the app. You will need to upload it to Amazon Business.
Step 2: Complete the SSO set up wizard on Amazon Business: Navigate to your Amazon Business account and click on Single Sign-On within Business Settings. You can then walkthrough the SSO set up wizard by first selecting Okta as your identity provider (IDP). If you don’t find your IDP in the list, please create a help ticket and we will reach out to you.
Provide the default group and role that just-in-time (i.e. new users to Amazon Business) provisioned users will be created into. Then upload the metadata you received from Okta. Finally, provide the attribute mapping values to match the Name attribute in Okta (an example is shown below).
Step 3: Test your SSO connection and activate SSO on your business account
Once you have successfully tested and activated SSO, you can also enable IDP-initiated SSO, You’ll be given an IDP-initiated URL on the SSO Connection Details page.
Copy this URL, go back to your Amazon Business app on Okta, and navigate to the Sign On tab. Click Edit and replace the value in SSO URL field with the IDP-initiated URL you just copied.
This blogpost introduced the Amazon Business Single Sign-on (SSO) and its key benefits. SSO integration gives your users secure, centralized, and simple access to Amazon Business. Amazon Business provides SSO integration with common identity providers such as Okta, OneLogin, AWS SSO, Azure AD, and many more using SAML 2.0. It also described how to set up SSO for your Amazon Business account with a simple and easy-to-use wizard. To learn more about Amazon Business SSO, visit our page here.