• Open the NoPassword Admin Dashboard. Select “Applications” from the left side menu and then select “Web App” from the submenu.

  • Click on the “+ Add SSO App” button in the upper right corner.

  • A pop-up window will appear. Under the section “1. Select your app”, click on “Search…” and type AWS to search the NoPassword Catalog. Select AWS from the drop-down menu.

  • Expand the Identity Provider section, and click on the arrow button to download both the NoPassword certificate fingerprint and the certificate file to your computer.

  • Under the “Security and Identity” section of the AWS console, click on “Identity & Access Management”.

  • Click on “Identity Provider” on the left side menu, then click on “Create Provider”.

  • Click on “Choose a provider type” and choose “SAML” from the drop-down menu.

  • Enter “NoPassword” as the Provider Name, then click on “Choose File” to upload the Metadata file that you downloaded in step 3. Once uploaded, click on the “Next Step” button.

  • Click on the “Create” button in the bottom right corner of the page.

  • At this point, you have finished creating the SAML provider. All that remains is to create a role.

From the left-hand side menu, click on “Roles”. If you have already created roles, select one. If you don’t have any roles, click on “Create New Role” to create one.

  • First, choose a name for the role and click on “Next Step”.
    Example: In this case, we chose “Admin”.

  • Select “Role for Identity Provider Access”.

Then, click on the “Select” button next to “Grant Web Single Sign-On (WebSSO) access to SAML provider”.

  • Select “NoPassword” as the SAML provider and click on “Next Step”.

  • Click “Next Step” on the Verify Role Trust page.

  • Select one or more policies (we selected administrator access in this tutorial) and click on the “Next Step” button.

  • On the “Review” page, copy the “Role ARN” and “Trusted Entities” values so that you can enter them in the NoPassword Admin portal.

Then, click on “Create Role”.

  • Go back to the browser tab where you have the NoPassword Admin portal open.
  • Expand the Service Provider section and paste the following URL into the ACS URL text box:

aws.amazon.com

  • Expand the Advanced section and paste the following information:

Role: paste the “Role ARN” that you copied in step 16 from the AWS dashboard
Example: arn:aws:iam::**************role/admin

IdP: paste the “Trusted Entity” that you copied in step 16 from the AWS dashboard
Example: arn:aws:iam::**************saml-provider/NoPassword

  • Click on “Save”.

The AWS app is now configured! You can assign users, groups or organizational units to the AWS app. Please see the Administrator Guideline document for instructions. Don’t hesitate to contact us at 877-877-5587 or support@nopass.com if you have a question.
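
Once the role exists, its trust policy can be checked to confirm that only the NoPassword SAML provider may assume it and that the assertion audience is pinned to the AWS sign-in endpoint. The script below is an added example, not part of the original NoPassword guide; the account ID 123456789012, the sample policy document and the function names are constructed for illustration.

```python
import json

AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"
EXPECTED_PROVIDER = "arn:aws:iam::123456789012:saml-provider/NoPassword"  # placeholder account ID

# Constructed sample of a role trust policy, as printed by
# `aws iam get-role --role-name admin --query Role.AssumeRolePolicyDocument`.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/NoPassword"},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}
  }]
}
""")


def as_list(value):
    """IAM allows a single string or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_provider_arn):
    """Return findings for a SAML role trust policy; an empty list means it is scoped as expected."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who may assume the role
        principal = stmt.get("Principal")
        if not (isinstance(principal, dict) and set(principal) == {"Federated"}
                and as_list(principal["Federated"]) == [expected_provider_arn]):
            findings.append(f"statement {i}: principal is not only {expected_provider_arn}")
        if as_list(stmt.get("Action")) != ["sts:AssumeRoleWithSAML"]:
            findings.append(f"statement {i}: allows actions other than sts:AssumeRoleWithSAML")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if as_list(aud) != [AWS_SAML_AUDIENCE]:
            findings.append(f"statement {i}: SAML:aud is not pinned to {AWS_SAML_AUDIENCE}")
    return findings


if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_POLICY, EXPECTED_PROVIDER) or ["trust policy OK"]:
        print(finding)
```

To check a real role, replace `SAMPLE_POLICY` with the JSON returned by the `aws iam get-role` command in the comment and set `EXPECTED_PROVIDER` to the “Trusted Entity” ARN copied from the Review page.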