AWS IAM Identity Center
  • 18 Oct 2023

This guide will teach you how to set up the connector between AWS Identity Center and Clarity Security.
Estimated time to complete: 15 minutes
If you run into any problems, please contact your support team or support@claritysecurity.io.


How to Set Up the Connector

Step 1: Log in to AWS

AWS Region

Make sure your AWS region is correct once you have logged in.

Step 2: Use the search function to navigate to IAM

Navigate to the IAM (Identity and Access Management) Service within AWS.

Step 3: Navigate to the Users section

On the IAM service screen, navigate to the Users area on the navigation pane on the left side.

Step 4: Create user

All of your current IAM users should be listed on this screen. Click the Create user button.

Step 5: Specify user details

Create a user name for your new user. Be as descriptive as possible so it's easy to understand the purpose of this new service account. (Ex: clarity-aws-iam-ic)

Step 6: Set permissions

Choose Attach policies directly and type "AWSSSO" in the search box. Select the AWSSSODirectoryAdministrator policy and click Next (bottom right).

Step 7: Review and create

Confirm your user name and the attached policy. If everything matches what you expect, click Create user (bottom right).

Step 8: Select your new IAM user

On the IAM Users page (you should be brought here automatically), click on the blue name (clarity-aws-iam-ic in our example) for the user you just created.

Step 9: Click Create access key

On the details screen for your new user, click the Create access key button in the upper right.

Step 10: Select "Other" use case

On the Access key best practices & alternatives screen, select the Other use case and then click Next (bottom right).

Step 11: Optionally create a tag for the access key

Provide an optional tag for the access key, then click Create access key.

Step 12: Retrieve access keys

Copy the Access key and Secret access key to a secure location; these will be used later. Click Done once you have recorded these details.

Step 13: Use the search function to navigate back to IAM Identity Center

Using the search function at the top of the AWS page, search for IAM, but this time select IAM Identity Center (successor to AWS Single Sign-On).

Step 14: Click on settings

Click on the Settings button in the upper left on the AWS IAM IC navigation pane.

Step 15: Collect the Region and Identity store ID

Collect the values for Region and Identity store ID from the settings page; these will be used in a later step.

Step 16: Log in to your Clarity tenant

Step 17: Click on the Applications page, then Marketplace

Step 18: Search for AWS Identity Center and click Connect

On the Marketplace screen, search (top right) for AWS Identity Center, then click Connect.

Step 19: Fill out the Connect App form

Details for fields common to all applications can be found in the following article: Common App Configuration Steps

access_key_id: This was collected in Step 12.
secret_access_key: This was collected in Step 12.
identity_store_id: This was collected in Step 15.
aws_region: This was collected in Step 15.
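
A pre-flight check for the four values above, as an added example that is not part of the original guide or of Clarity's product: it catches pasted whitespace, swapped fields and temporary credentials before the form is submitted. The function name, the sample values and the format patterns (AKIA-prefixed 20-character key ID, 40-character secret, "d-" plus 10 hex characters or a UUID for the identity store ID) are assumptions.

```python
import re

# Assumed formats (not stated in the guide).
ACCESS_KEY_RE = re.compile(r"AKIA[A-Z0-9]{16}")
SECRET_KEY_RE = re.compile(r"[A-Za-z0-9/+=]{40}")
STORE_ID_RE = re.compile(
    r"d-[0-9a-f]{10}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d+")
FIELDS = ("access_key_id", "secret_access_key", "identity_store_id", "aws_region")

def check_connector_fields(fields):
    """Return a list of problems; messages never echo the secret values."""
    problems = []
    for name in FIELDS:
        value = fields.get(name, "")
        if not value:
            problems.append(f"{name}: missing")
        elif value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
    if problems:
        return problems
    key_id = fields["access_key_id"]
    if key_id.startswith("ASIA"):
        # ASIA marks temporary session credentials, which expire.
        problems.append("access_key_id: temporary (ASIA) key, not the IAM user key from Step 12")
    elif not ACCESS_KEY_RE.fullmatch(key_id):
        problems.append("access_key_id: not an IAM user access key ID")
    if not SECRET_KEY_RE.fullmatch(fields["secret_access_key"]):
        problems.append("secret_access_key: unexpected length or characters")
    if not STORE_ID_RE.fullmatch(fields["identity_store_id"]):
        problems.append("identity_store_id: expected d-xxxxxxxxxx or a UUID")
    if not REGION_RE.fullmatch(fields["aws_region"]):
        problems.append("aws_region: expected a region code such as us-east-1")
    return problems

# Constructed sample values, not real credentials.
SAMPLE = {
    "access_key_id": "AKIA" + "EXAMPLE0" * 2,
    "secret_access_key": "x" * 40,
    "identity_store_id": "d-0123456789",
    "aws_region": "us-east-1",
}

if __name__ == "__main__":
    for problem in check_connector_fields(SAMPLE) or ["all four fields look well-formed"]:
        print(problem)
```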


Step 20: Fill out the App Settings form

Details for fields common to all applications can be found in the following article: Common App Configuration Steps

Step 21: Fill out the User Settings form

Details for fields common to all applications can be found in the following article: Common App Configuration Steps


Step 22: Validate Your Selections and Save

Save

Clicking the Save button will trigger the first full sync for your application (even if you selected Manual syncing). This includes Service Users, Entitlements, Service User Entitlements, and Service User Attributes.


Need help?

If you have any problems, contact your customer success team. You can also get in touch with our general support via email or open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.

