This lab takes you through the process of configuring Windows ADFS with AWS IAM, which enables you to access your AWS Management Console with the desired Active Directory users and groups. You will leverage the AWS support for Security Assertion Markup Language (SAML), an open standard used by many identity providers. This feature enables federated single sign-on (SSO), which lets users sign in to the AWS Management Console or make programmatic calls to AWS APIs by using assertions from a SAML-compliant identity provider (IdP) like Active Directory Federation Services (ADFS). To successfully complete this lab, you should be familiar with basic Windows Server administration and be highly fluent in, and conceptually solid on, federated identity and identity providers in general, and SAML, LDAP, Active Directory, and AWS IAM in particular.
Lab Details
Tokens Required: 15 Tokens
Levels: expert
Duration: 01 h:20 m
Access Time: 01 h:57 m
Setup Time: 00 h:04 m
Tags: Windows, spl102, ADFS, federation, SAML, active directory, certificates, trust, RDP, domain controller, security group, Microsoft, subnets, identity provider, SSO, iam, ec2
Available Languages: English, 日本語

Reviews 522

  1. Jaison Kuruvilla
    Somewhere in the lab, I was unsuccessful in creating the ADFS server or something would not allow the SPN to register.
    Jaison Kuruvilla Reviewed about 1 hour ago
  2. Jonathan Liu

    Jonathan Liu Reviewed 2 days ago
  3. Prashant Shah
    I made the mistake of not changing the server name to adfsserver, hence the SPN failed. I tried to rename the server, but the uninstallation option isn't available to uninstall ADFS, IIS. Will end up repeating the lab. Overall the lab is very good. I would say add step-by-step diagrams to explain what is being achieved. This is one of the crucial things that I see missing in most of the labs.
    Prashant Shah Reviewed 3 days ago
  4. Aleksandr Khomits

    Aleksandr Khomits Reviewed 3 days ago
  5. Tom Gallagher
    Received an error when logging into AWS. Still working on lab, got interrupted, will restart. Principal exists outside the account of the Role being assumed (Service: AWSSecurityTokenService; Status Code: 400; Error Code: ValidationError; Request ID: 6a74c07d-6cc6-11e7-ad70-d56a04b08517). Please try again.
    Tom Gallagher Reviewed 4 days ago