Integrating AWS IoT SiteWise and Fleet Hub with IAM Identity Center and Okta


Many organizations are using an external identity provider to manage user identities. With an identity provider (IdP), you can manage your user identities outside of AWS and give these external user identities permissions to use AWS resources in your AWS accounts. External identity providers (IdP), such as Okta Universal Directory, can integrate with AWS IAM Identity Center (successor to AWS Single Sign-On) to be the source of truth for AWS IoT SiteWise and Fleet Hub for AWS IoT Device Management (Fleet Hub).

AWS IoT SiteWise Monitor and Fleet Hub support a single sign-on (SSO) experience with AWS IAM Identity Center authentication. Users can access AWS IoT SiteWise Monitor and Fleet Hub with their existing corporate credentials. Identity provider administrators can continue to manage users and groups in their existing identity systems, which can then be synchronized with AWS IAM Identity Center. AWS IAM Identity Center enables administrators to connect their existing external identity providers.

In this post, we show you step-by-step guidance to set up SSO with AWS IoT SiteWise Monitor and Fleet Hub with Okta Universal Directory.

Prerequisites

You need to set up AWS IAM Identity Center and connect it to Okta Universal Directory to use the same Okta user login for AWS IoT SiteWise Monitor and Fleet Hub. For instructions, see Single Sign-On between Okta Universal Directory and AWS.

The high-level steps are as follows:

  1. Enable IAM Identity Center on the AWS Management Console. Create this IAM Identity Center account in the same AWS Region as AWS IoT SiteWise.
  2. Add IAM Identity Center as an application Okta users can connect to.
  3. Configure the mutual agreement between IAM Identity Center and Okta, download IdP metadata in Okta, and configure an external IdP in IAM Identity Center.
  4. Enable identity synchronization between Okta and IAM Identity Center.

This setup ensures that when a new account is added to Okta and connected to the IAM Identity Center, a corresponding IAM Identity Center user is created automatically.

After you complete these steps, you can see the users assigned on the Okta console as shown below.

Users assigned in Okta AWS SSO application

You can also see the users on the IAM Identity Center console, on the users page as shown below.

Okta users in AWS SSO

Configure AWS IoT SiteWise Monitor with IAM Identity Center authentication

Follow the steps below to set up AWS IoT SiteWise Monitor with IAM Identity Center as the authentication method.

1. From the AWS IoT SiteWise console, choose Monitor from the left navigation and then choose Portals. Choose the Create portal button to create an IoT SiteWise portal.

2. For Portal configuration, enter the following:

  • Under Portal details, for Portal name, enter okta-iot-sitewise
  • Under User authentication, choose AWS IAM Identity Center
  • Under Support contact email, enter your email ID
  • Under Permissions, choose Create and use a new service role

SiteWise Portal Configuration

3. Under Additional features – optional screen, choose only Enable alarms and then choose Create to complete the portal creation.

Enabling Alarms in SiteWise

4. Under Invite administrators, choose users from your Okta identity store and then choose Assign Users to complete the portal configuration.

Choosing users from Okta Identity store

5. Once you complete all the above steps, the system will create a unique URL for your AWS IoT SiteWise Monitor access through an external identity provider like Okta.

IOT Sitewise Portal
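
A check an administrator might run after step 5 to confirm that the portal is reachable only through identities that come from Okta. This is an added example, not part of the original post or AWS code. It reads constructed sample data shaped like the output of `aws iotsitewise describe-portal`, `aws iotsitewise list-access-policies` and `aws identitystore list-users`, and assumes that users provisioned from Okta carry an `ExternalIds` entry while users created directly in IAM Identity Center do not.

```python
"""Audit an AWS IoT SiteWise portal for IdP-only access (added example)."""

# Constructed sample data shaped like the responses of describe-portal,
# list-access-policies and identitystore list-users. All IDs, names and
# the account number are placeholders.
PORTAL = {"portalName": "okta-iot-sitewise", "portalAuthMode": "SSO"}
POLICIES = [
    {"id": "pol-1", "permission": "ADMINISTRATOR",
     "identity": {"user": {"id": "u-okta-1"}}},
    {"id": "pol-2", "permission": "ADMINISTRATOR",
     "identity": {"user": {"id": "u-local-9"}}},
    {"id": "pol-3", "permission": "VIEWER",
     "identity": {"iamUser": {"arn": "arn:aws:iam::111122223333:user/example"}}},
]
USERS = [
    {"UserId": "u-okta-1", "UserName": "alice@example.com",
     "ExternalIds": [{"Issuer": "example-scim-issuer", "Id": "00uEXAMPLE"}]},
    {"UserId": "u-local-9", "UserName": "breakglass"},  # created by hand
]


def audit_portal(portal, policies, users):
    """Return (portal name or policy id, finding) tuples, in input order."""
    findings = []
    if portal.get("portalAuthMode") != "SSO":
        findings.append((portal["portalName"],
                         "portal does not use IAM Identity Center auth"))
    known = {u["UserId"] for u in users}
    # Assumption: only users provisioned from the external IdP have ExternalIds.
    synced = {u["UserId"] for u in users if u.get("ExternalIds")}
    for pol in policies:
        ident = pol["identity"]
        if "iamUser" in ident or "iamRole" in ident:
            findings.append((pol["id"], "IAM principal, not an Identity Center identity"))
        elif "user" in ident:  # group identities are not checked here
            uid = ident["user"]["id"]
            if uid not in known:
                findings.append((pol["id"], "user not found in identity store"))
            elif uid not in synced:
                findings.append((pol["id"], "user is not provisioned from the external IdP"))
    return findings


if __name__ == "__main__":
    for where, what in audit_portal(PORTAL, POLICIES, USERS):
        print(f"{where}: {what}")
```

With real data, replace the three constants with the parsed JSON from the corresponding CLI calls for your portal and identity store.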

Configure Fleet Hub for AWS IoT Device Management with IAM Identity Center authentication

Follow the steps below to set up Fleet Hub for AWS IoT Device Management with IAM Identity Center as the authentication method.

1. From the Fleet Hub for AWS IoT Device Management console, choose Create application. It will redirect to the Set up access in IAM Identity Center screen as shown below; then choose Next.

Setup access in IAM Identity Center

2. For Index AWS IoT data, keep all default options and then choose Next.

3. For Configure application:

  • Under Application role, choose Create a new service role
  • Under Role name, enter Fleethubrole
  • Under Application details, for Application name, enter Fleethub-Okta

Fleet-hub application creation

  • Choose Add users and choose your external identity provider users as shown below

Adding users to Fleethub

  • Choose Add selected users to complete the access assignments. Now the Fleet Hub application is ready to use and you can use your external identity provider Okta credentials to access Fleet Hub.

Adding users Fleethub

Accessing AWS IoT SiteWise Monitor and Fleet Hub through IAM Identity Center

As a user, you can start in one of three ways:

AWS IoT SiteWise

1. Start from the Okta user portal page, select the IAM Identity Center application and choose AWS IoT SiteWise Monitor.

2. Start from the IAM Identity Center user portal and it will redirect to the Okta login page for authentication; then choose Fleet Hub.

3. Use the AWS IoT SiteWise Monitor portal URL as shown above and it will redirect to the Okta login page for authentication.

Accessing IoT SiteWise with Okta credentials

Fleet Hub

1. Start from the Okta user portal page, select the IAM Identity Center application and choose Fleet Hub.

2. Start from the AWS Identity Center user portal and it will redirect to the Okta login page for authentication; then choose Fleet Hub.

3. Use the Fleet Hub portal URL as shown above and it will redirect to the Okta login page for authentication.

Accessing Fleet Hub with Okta credentials

Cleanup

If you followed along with this solution, we suggest that you complete the following steps to avoid incurring charges to your AWS account after you have completed the walkthrough.

Conclusion

AWS IoT SiteWise Monitor and Fleet Hub support a single sign-on experience with IAM Identity Center authentication. Industrial customers use many different security tools and need an easy way to integrate with AWS services. When implementing IIoT solutions, AWS recommends following the Ten security golden rules. Golden rule #3 discusses the need for having unique identities and managing user identities for IIoT web and mobile apps using Amazon Cognito or third-party identity providers like Okta.

In this post, we showed how you can take advantage of the new IAM Identity Center capabilities to use Okta identities to access AWS IoT SiteWise Monitor and Fleet Hub for AWS IoT Device Management. Administrators can now use a single source of truth to manage their users, and users no longer need to manage an additional identity and password to sign in to their AWS accounts and applications.

IAM Identity Center with Okta is free to use and available in all Regions where AWS Identity Center is available. Please read the product documentation to learn more about AWS IoT SiteWise and the Fleet Hub product documentation to learn more about Fleet Hub.

Authors

Raghavarao Sodabathina is a Principal Solutions Architect at AWS, specializing in Data Analytics, AI/ML and Serverless platform. He engages with customers to create innovative solutions that address customer business problems and accelerate the adoption of AWS services. In his spare time, Raghavarao enjoys spending time with his family, reading books, and watching movies.

Krupanidhi Jay is a Boston-based Enterprise Solutions Architect at AWS. He is a seasoned architect with over 20 years of experience in helping customers with digital transformation and delivering seamless digital user experiences. He enjoys working with customers to help them build scalable, cost-effective solutions in AWS. Outside of work, Jay enjoys spending time with family and traveling.
