Integrate Remote Access for AWS environments
This topic describes how to integrate Remote Access and SCA, so that SCA policies can be applied to vendors that need to access AWS cloud environments.
Organizations that use Remote Access to give vendors access to web apps in the User Portal can integrate Remote Access and SCA, and then create applicable policies to enforce zero standing access for these vendors.
When SCA policies are created for vendors, they can authenticate to Remote Access as usual, and select the required AWS web app from the User Portal.
To integrate the services, complete the following steps:
Before you begin
The AWS web app in the User Portal (in the SCA tenant) must be configured to use provisioning.
You must configure Remote Access to communicate with SCA when a vendor accesses a web app from the User Portal. This configuration is done in the Identity Administration SSO functionality.
For information about how to configure the Identity Administration SSO settings, see the Remote Access docs.
You must create a dedicated role in the Identity Administration instance of the SCA tenant that SCA can use to identify your vendors and apply the relevant policies.
After this role is created, use it when inviting any vendor that should be included in an SCA policy.
For information about how to create a role, see the Identity Administration docs.
When you invite vendors in Remote Access, you have to configure several parameters to enable SCA to identify the vendor and apply the relevant policy.
In the Allowed applications area, select the Allow access to Identity web applications option.
in the User provisioning area, do the following:
Select the Remote Access will create and manage the user option.
In the Role field, specify the dedicated role that you created for this purpose.
For more information about inviting vendors, see the Remote Access docs.
When you configure an SCA policy to include Remote Access vendors, ensure that you select the dedicated role that you created in Identity Administration when you add identities to the policy. SCA uses this role to identify the vendor so it can apply the policy.
For more information about creating SCA policies, see Create an AWS policy.
You can only create policies for vendors that have been invited to Remote Access.