Research Hub > IAM SSO Streamlines Onboarding and Offboarding AWS Users
Use Case
3 min

IAM SSO Streamlines Onboarding and Offboarding AWS Users

With industrial IoT and commercial telematics demanding advanced identity management, see how the IAM SSO Federation facilitates just-in-time access.

CDW Expert CDW Expert

Protecting data when third parties are involved

47%

percentage of CISOs whose organizations have experienced an identity management attack in the last year1

20%

percentage increase in access broker ads on the dark web by threat actors ramping up credential-based attacks2

Can robust security coexist with seamless workstreams?

A REAL-WORLD EXAMPLE

A Major Migration Can’t Slow Down for Security

An electronic instrument manufacturer needed assistance with cloud governance and platform engineering to prepare for a major migration from its data center.

Since this work involved multiple third-party vendors and contractors, the manufacturer also needed a secure identity management solution that allowed easy onboarding and offboarding of users to AWS environments. The manufacturer worked with CDW to implement a just-in-time access solution that would be:

  • Well architected
  • Easy to implement
  • Transparent
  • Compliant with cybersecurity directives and existing procedural guidelines for onboarding through Microsoft Enterprise Active Directory

THE TURNING POINT

Securely Automating User Access

To automate user provisioning and de-provisioning, CDW helped set up the IAM SSO (Identity Access Management Single Sign-on) Federation with SCIM (System for Cross-domain Identity Management). This helped establish an accurate record and allowed for just-in-time access — a security strategy that minimizes the risk of unauthorized access by granting permissions only when they’re needed, for a limited time.

Granting access just before it’s needed, and automatically revoking it once the task is completed, reduces the attack surface and limits the window of opportunity for potential breaches.

Leveraging Microsoft Enterprise AD to manage groups, automate onboarding processes and implement MFA (multifactor authentication) kept the manufacturer’s workstreams seamless. It also facilitated AWS access without the need for extensive work or attribute mapping, which had already been completed in previous initiatives.

THE RESULTS

Robust Security that Doesn’t Disrupt Workstreams

A female IT professional works at a desk surrounded by multiple monitors.

With the deployment of the IAM SSO Federation, the instrument manufacturer was able to achieve organizational identity management and access without disrupting any existing onboarding/offboarding automation.

Here’s why it worked:

  • CDW helped the manufacturer’s IT team leverage the identity provider (Entra AD) and AWS organizations’ single sign-on.
  • The IAM Identity Center, permission sets and SCIM integration are centrally managed and maintained through a single interface.
  • This framework gives users a seamless and secure experience.

What’s next?

With the secure completion of its migration, the instrument manufacturer can now confidently keep pace with the rapid development of industrial IoT and commercial telematics.

“The AWS IAM Identity Center and SCIM integration introduced automation, streamlined provisioning, consistent access control and compliance. It established robust identity management and enhanced security across the entire cloud ecosystem.”

Mike Wiseley, CDW Principal Consultant for Digital Velocity

AWS Partner Tier Services

Sources:
1 Splunk, “State of Security: The Race to Harness AI,” 2024
2 Crowdstrike, “2024 Global Threat Report,” data from 2022–23

Read the Latest from Our Experts

View All

CSS - MUST BE APPLIED GRID TO PAGES WITH CARDS

Custom card CSS

CSS - APPLY GRID TO ALL REBRAND PAGES


Custom Cards CSS

 

Additional CSS for updating global styles