Many organizations use an external identity provider to manage user identities. With an identity provider (IdP), you can manage your user identities outside of AWS and give these external user identities permissions to use AWS resources in your AWS accounts. External identity providers (IdP), such as Okta Universal Directory, can integrate with AWS IAM Identity Center (successor to AWS Single Sign-On) to be the source of truth for AWS IoT SiteWise and Fleet Hub for AWS IoT Device Management (Fleet Hub).
AWS IoT SiteWise Monitor and Fleet Hub support a single sign-on (SSO) experience with AWS IAM Identity Center authentication. Users can access AWS IoT SiteWise Monitor and Fleet Hub with their existing corporate credentials. Identity provider administrators can continue to manage users and groups in their existing identity systems, which can then be synchronized with AWS IAM Identity Center. AWS IAM Identity Center allows administrators to connect their existing external identity providers.
In this post, we show you step-by-step guidance to set up SSO with AWS IoT SiteWise Monitor and Fleet Hub with Okta Universal Directory.
Pre-requisites
You must set up AWS IAM Identity Center and connect it to Okta Universal Directory to use the same Okta user login for AWS IoT SiteWise Monitor and Fleet Hub. For instructions, see Single Sign-On between Okta Universal Directory and AWS.
The high-level steps are as follows:
- Enable IAM Identity Center on the AWS Management Console. Create this IAM Identity Center account in the same AWS Region as AWS IoT SiteWise.
- Add IAM Identity Center as an application Okta users can connect to.
- Configure the mutual agreement between IAM Identity Center and Okta, download IdP metadata in Okta, and configure an external IdP in IAM Identity Center.
- Enable identity synchronization between Okta and IAM Identity Center.
This setup ensures that when a new account is added to Okta and connected to the IAM Identity Center, a corresponding IAM Identity Center user is created automatically.
After you complete these steps, you can see the users assigned on the Okta console as shown below.
You can also see the users on the IAM Identity Center console, on the users page as shown below.
Configure AWS IoT SiteWise Monitor with IAM Identity Center authentication
Follow the steps below to configure AWS IoT SiteWise Monitor with IAM Identity Center as the authentication method.
1. From the AWS IoT SiteWise console, choose Monitor from the left navigation and then choose Portals. Click on the Create portal button to create an IoT SiteWise portal.
2. For Portal configuration, enter the following:
- Under Portal details, for Portal name, enter okta-iot-sitewise
- Under User authentication, choose AWS IAM Identity Center
- Under Support contact email, enter your email ID
- Under Permissions, choose Create and use a new service role
3. On the Additional features – optional screen, choose only Enable alarms and then choose Create to complete the portal creation.
4. Under Invite administrators, choose users from your Okta identity store and then choose Assign Users to complete the portal configuration.
5. Once you complete all the above steps, the system will create a unique URL for your AWS IoT SiteWise Monitor access through an external identity provider like Okta.
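A check an administrator might run after the portal steps above, added here as an example and not part of the original post: it confirms the portal authenticates through IAM Identity Center and that its administrators come from the identity store. It assumes the field names of the AWS IoT SiteWise DescribePortal and ListAccessPolicies responses; the portal ID, policy IDs, identity ID and account number in the sample data are constructed.

```python
# Added example: audits one AWS IoT SiteWise portal from API response dicts.
# Field names follow the DescribePortal and ListAccessPolicies responses;
# every ID, ARN and account number below is constructed sample data.

SSO_KINDS = {"user", "group"}        # IAM Identity Center identities
IAM_KINDS = {"iamUser", "iamRole"}   # IAM principals, not managed in Okta


def audit_portal(portal, access_policies):
    """Return findings for a portal that should authenticate through SSO."""
    name = portal.get("portalName") or portal.get("portalId", "<unknown>")
    findings = []
    mode = portal.get("portalAuthMode")
    if mode != "SSO":
        findings.append(f"{name}: portalAuthMode is {mode!r}, expected 'SSO'")
    sso_admins = 0
    for policy in access_policies:
        kinds = set(policy.get("identity", {}))
        if kinds & IAM_KINDS:
            # Access granted to an IAM user or role bypasses the Okta lifecycle.
            findings.append(f"{name}: policy {policy.get('id')} grants an IAM principal")
        elif kinds & SSO_KINDS and policy.get("permission") == "ADMINISTRATOR":
            sso_admins += 1
    if sso_admins == 0:
        findings.append(f"{name}: no administrator from the identity store")
    return findings


# Constructed sample shaped like the two API responses.
SAMPLE_PORTAL = {
    "portalId": "example-portal-id",
    "portalName": "okta-iot-sitewise",
    "portalAuthMode": "SSO",
}
SAMPLE_POLICIES = [
    {"id": "policy-1", "permission": "ADMINISTRATOR",
     "identity": {"user": {"id": "example-identity-store-user-id"}}},
    {"id": "policy-2", "permission": "VIEWER",
     "identity": {"iamUser": {"arn": "arn:aws:iam::111122223333:user/example"}}},
]

if __name__ == "__main__":
    for finding in audit_portal(SAMPLE_PORTAL, SAMPLE_POLICIES):
        print(finding)
```

Against a live account, the two inputs would be the DescribePortal response for the portal and the accessPolicySummaries list from ListAccessPolicies for that portal.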
Configure Fleet Hub for AWS IoT Device Management with IAM Identity Center authentication
Follow the steps below to configure Fleet Hub for AWS IoT Device Management with IAM Identity Center as the authentication method.
1. From the Fleet Hub for AWS IoT Device Management console, choose Create application. It will redirect to the set up access in IAM Identity Center screen as shown below. Then choose Next.
2. For Index AWS IoT data, keep all default options and then choose Next.
3. For Configure application:
- Under Application role, choose Create a new service role
- Under Role name, enter Fleethubrole
- Under Application details, for Application name, enter Fleethub-Okta
- Click on Add users and choose your external identity provider users as shown below
- Choose Add selected users to complete the access assignments. Now the Fleet Hub application is ready for use and you can use your external identity provider Okta credentials to access Fleet Hub.
Accessing AWS IoT SiteWise Monitor and Fleet Hub via IAM Identity Center
As a user, you can start in one of three ways:
AWS IoT SiteWise
1. Start from the Okta user portal page, select the IAM Identity Center application and choose AWS IoT SiteWise Monitor.
2. Start from the IAM Identity Center user portal and it will redirect to the Okta login page for authentication, and then choose Fleet Hub.
3. Use the AWS IoT SiteWise Monitor Portal URL as shown above and it will redirect to the Okta login page for authentication.
Fleet Hub
1. Start from the Okta user portal page, select the IAM Identity Center application and choose Fleet Hub.
2. Start from the AWS Identity Center user portal and it will redirect to the Okta login page for authentication, and then choose Fleet Hub.
3. Use the Fleet Hub Portal URL as shown above and it will redirect to the Okta login page for authentication.
Cleanup
If you followed along with this solution, we suggest that you complete the following steps to avoid incurring charges to your AWS account once you have completed the walkthrough.
Conclusion
AWS IoT SiteWise Monitor and Fleet Hub support a single sign-on experience with IAM Identity Center authentication. Industrial customers use many different security tools and need an easy way to integrate with AWS services. When implementing IIoT solutions, AWS recommends following the Ten security golden rules. Golden rule #3 discusses the need for having unique identities and managing user identities for IIoT web and mobile apps using Amazon Cognito or third-party identity providers like Okta.
In this post, we showed how you can take advantage of the new IAM Identity Center capabilities to use Okta identities to access AWS IoT SiteWise Monitor and Fleet Hub for AWS IoT Device Management. Administrators can now use a single source of truth to manage their users, and users no longer need to manage an additional identity and password to sign in to their AWS accounts and applications.
IAM Identity Center with Okta is free to use and available in all Regions where AWS Identity Center is available. Please read the product documentation to learn more about AWS IoT SiteWise and the Fleet Hub product documentation to learn more about Fleet Hub.
Authors
Raghavarao Sodabathina is a Principal Solutions Architect at AWS, focusing on Data Analytics, AI/ML and Serverless platform. He engages with customers to create innovative solutions that address customer business problems and accelerate the adoption of AWS services. In his spare time, Raghavarao enjoys spending time with his family, reading books, and watching movies.
Krupanidhi Jay is a Boston-based Enterprise Solutions Architect at AWS. He is a seasoned architect with over 20 years of experience in helping customers with digital transformation and delivering seamless digital user experiences. He enjoys working with customers to help them build scalable, cost-effective solutions in AWS. Outside of work, Jay enjoys spending time with family and traveling.