
Cornell University

Amazon Web Services Single Sign-On

A secure Single Sign-On (SSO) solution for Amazon Web Services (AWS) accounts

This article applies to: Cloudification

AWS SSO is a free service that allows AWS administrators to centrally manage human user access to AWS accounts and applications. Available features let administrators configure the SSO process, assign user roles, and provide access with existing Cornell credentials and Two-Step Login authentication.

Benefits of using AWS SSO include:

  • Temporary keys for programmatic access for human users
  • Having a backup solution to access the AWS console if Shibboleth is unavailable
  • Secure, session time-based access including multi-factor authentication (Cornell Two-Step Login using DUO)
  • AWS SSO is an Amazon service and supported by Cornell’s Enterprise Support Contract
  • Customer-controlled access to AWS via Active Directory groups: no need to submit tickets for basic access requests to your own AWS account
  • No cost for this free service
  • Compatibility with AWS CLI v2—if awscli-login is not working, AWS SSO can be your solution
  • Ability to manage your own permissions for AWS SSO IAM roles, with the support of customer managed policies

If you are ready to request the AWS SSO service, fill out the AWS SSO request form.

For more about the solution:
