Integrate Remote Access for AWS environments
This topic describes how to integrate Remote Access and SCA, so that SCA policies can be applied to vendors that need to access AWS cloud environments.
Overview
Organizations that use Remote Access to give vendors access to web apps in the User Portal can integrate Remote Access and SCA, and then create applicable policies to enforce zero standing access for these vendors.
When SCA policies are created for vendors, they can authenticate to Remote Access as usual, and select the required AWS web app from the User Portal.
To integrate the services, complete the following steps:
Before you begin
The AWS web app in the User Portal (in the SCA tenant) must be configured to use provisioning.
Step 1: Configure the Identity SSO settings in Remote Access
You must configure Remote Access to communicate with SCA when a vendor accesses a web app from the User Portal. This configuration is done in the Identity Administration SSO functionality.
For information about how to configure the Identity Administration SSO settings, see the Remote Access docs.
Step 2: Create a dedicated role in the SCA tenant
You must create a dedicated role in the Identity Administration instance of the SCA tenant that SCA can use to identify your vendors and apply the relevant policies.
After this role is created, use it when inviting any vendor that should be included in an SCA policy.
For information about how to create a role, see the Identity Administration docs.
Step 3: Invite the vendors in Remote Access
When you invite vendors in Remote Access, you have to configure several parameters to enable SCA to identify the vendor and apply the relevant policy.
- In the Allowed applications area, select the Allow access to Identity web applications option.
- In the User provisioning area, do the following:
  - Select the Remote Access will create and manage the user option.
  - In the Role field, specify the dedicated role that you created for this purpose.
For more information about inviting vendors, see the Remote Access docs.
Step 4: Configure the SCA policy
When you configure an SCA policy to include Remote Access vendors, ensure that you select the dedicated role that you created in Identity Administration when you add identities to the policy. SCA uses this role to identify the vendor so it can apply the policy.
For more information about creating SCA policies, see Create an AWS policy.
You can only create policies for vendors that have been invited to Remote Access.