Learn how AWS SSO works with AWS Control Tower, for multi-account identity and access management.
What's new with AWS SSO for AWS Control Tower and what do you like about it?
AWS SSO has become very powerful over the last year or two. It's become a de facto standard for connecting your identity to AWS. Other companies may have hesitated to use it because it wasn't as fully featured two years ago, but now it has everything that you would need to connect your Active Directory into AWS.
You can do things like filtering users while scoping. You can define the scope to be narrow in an OU. If you have a very large footprint in AWS Directory Service, that's very helpful. It also connects into Azure AD. If you're a user of that and GCP, it serves both of those very well. It really is a standard now and it's the default that we use for all deployments.
What are some of the benefits of using AWS SSO for AWS Control Tower over, say, an external SSO provider?
Well, the first thing is that it's free. AWS does not charge for AWS SSO. If you decide to run an AWS Directory Service instance or another service that's managed by AWS, there will be charges for that.
But AWS SSO itself is no cost to you and it's tightly integrated into AWS. So your normal workflow of using AWS APIs to interact with it is connected in as part of AWS SSO. And so you can use it, connect to it, you can pull keys and you can use it for CLI access. It's just all tight-knit in one package that you can control all of your footprint in AWS with.
That's awesome. And you can integrate it with any SAML compliant IDP that's out there. So to tie this all together, Caylent is recommending AWS SSO for Control Tower, and we offer it as part of our AWS Control Tower Caylent Catalyst offering.
If you’re looking to set up secure cloud foundations for your applications on AWS, Caylent’s experts can help you set up multi-account governance and management through our AWS Control Tower Caylent Catalyst. Get in touch with our team to learn how we can help!
Zach Tuttle is a Principal Customer Solutions Architect with over 25 years of IT experience, including a decade focused on on-premise VMware-based data centers. For the past nine years, he has been working with AWS partners, empowering customers to successfully build and innovate on AWS. Zach is particularly passionate about guiding customers through their initial steps into cloud computing and DevOps. He enjoys being involved with his two kids' sports activities, cooking and home DIY renovation.