AWS Single Sign On using Authentik as Identity Provider

Personal documentation of integrating AWS with Authentik

When I read the official documentation of Authentik, I was a bit confused at first, so I documented it myself here.

In your AWS account, create a role

  1. Go to AWS IAM > Roles > Create new role. I created a role for ECR, IAM, and EC2 read-only access. (screenshots: AWS Role, AWS Policies)
  2. Note the role's ARN; it is used later.

In Authentik

  1. Go to the admin interface > left menu > Customization > Property Mappings.
  2. Add these two Property Mappings: a Role mapping and a RoleSessionName mapping. (screenshots: Role Property Mapping, RoleSessionName Property Mapping)
  3. Create an application in authentik and note the slug, as it will be used later. Create a SAML provider with the following parameters:
    • ACS URL: https://signin.aws.amazon.com/saml
    • Issuer: authentik
    • Binding: Post
    • Audience: urn:amazon:webservices
    Advanced protocol settings:
    • Signing Certificate: authentik Self-signed Certificate
    • Property Mappings: select alief-aws-role and alief-aws-role-session (hold Ctrl/Cmd to select more than one).
  4. Create the application. (screenshot: Application)
  5. Export the metadata from the authentik provider; it is uploaded to the AWS identity provider later. (screenshot: Export metadata)

In your AWS account, create an identity provider and assign a role to it

  1. Go to AWS IAM > Access Management > Identity Providers > Add provider, and upload the metadata exported from authentik. (screenshots: Add Provider, AWS Identity Provider)
  2. Assign the role to the identity provider by adding the IdP (identity provider) to the trusted entities on the role. (screenshot: Role trusted entities)

Try logging in from authentik

  1. Log out of your authentik account and log in again; after a successful login you will see the application on the homepage. (screenshot: homepage)
  2. Click the application name and it will redirect you to the AWS console.
  3. If it succeeds, you are now on the AWS console page.
  4. Check the account; it will show that you are a federated user from authentik. (screenshot: Federated user)
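As an added example (not part of the original post or the Authentik project), a small Python checker for the attributes AWS reads from the SAML assertion authentik sends: the audience urn:amazon:webservices, the Role attribute as role-ARN/provider-ARN pairs from one account, and a RoleSessionName within the AssumeRoleWithSAML limits. The sample assertion and account number are constructed; the check covers the attributes only, not the XML signature.

```python
import re
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace and the attribute names AWS reads from the assertion.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_AUDIENCE = "urn:amazon:webservices"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@/-]+$", re.ASCII)
PROVIDER_ARN = re.compile(r"^arn:aws:iam::(\d{12}):saml-provider/[\w._-]+$", re.ASCII)
SESSION_NAME = re.compile(r"^[\w+=,.@-]{2,64}$", re.ASCII)  # AssumeRoleWithSAML limits

def check_aws_assertion(xml_text):
    """Return the problems AWS would reject the assertion for; [] means the attributes look right."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    audiences = [a.text for a in assertion.findall(".//saml:Audience", NS)]
    if AWS_AUDIENCE not in audiences:
        problems.append(f"Audience must be {AWS_AUDIENCE}, got {audiences}")
    attrs = {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)] for a in assertion.findall(".//saml:Attribute", NS)}
    roles = attrs.get(ROLE_ATTR, [])
    if not roles:
        problems.append(f"missing {ROLE_ATTR} attribute")
    for value in roles:  # each value must be "role-arn,provider-arn" from the same account
        parts = [p.strip() for p in value.split(",")]
        role = ROLE_ARN.match(parts[0]) if len(parts) == 2 else None
        provider = PROVIDER_ARN.match(parts[1]) if len(parts) == 2 else None
        if not (role and provider):
            problems.append(f"malformed role/provider ARN pair: {value.strip()!r}")
        elif role.group(1) != provider.group(1):
            problems.append(f"role and provider ARNs are in different accounts: {value.strip()!r}")
    names = attrs.get(SESSION_ATTR, [])
    if len(names) != 1 or not SESSION_NAME.match(names[0].strip()):
        problems.append(f"{SESSION_ATTR} must be one value of 2-64 chars from [A-Za-z0-9_+=,.@-]")
    return problems

# Constructed sample assertion (unsigned, made-up account id): only the attributes are checked here.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Conditions>
<saml:AudienceRestriction><saml:Audience>urn:amazon:webservices</saml:Audience></saml:AudienceRestriction>
</saml:Conditions><saml:AttributeStatement><saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
<saml:AttributeValue>arn:aws:iam::123456789012:role/authentik-readonly,arn:aws:iam::123456789012:saml-provider/authentik</saml:AttributeValue>
</saml:Attribute><saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
<saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>"""

if __name__ == "__main__":
    print(check_aws_assertion(SAMPLE) or "assertion attributes look correct for AWS")
```

A mismatched account id between the two ARNs, a wrong audience, or a session name outside the allowed length are the usual reasons the redirect to the AWS console fails after authentik has signed the user in.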

References: [1] https://docs.goauthentik.io/integrations/services/aws/#aws
