Associating Cloudivize to your AWS Account

Cross-Account IAM Role for Access Management

To create a role in the owning account to be managed by Cloudivize, follow these steps 

Single-Sign-On Usage

 

User Login at SSO Account

When Cloudivize account is configured as AWS SSO, users defined at the customer AWS SSO Service can use the AWS SSO Portal to login once and to open Cloudivize directly from there (it will appear at the defined applications list), with the defined Roles & Credentials defined for each user.

 

To Login follow the simple Steps:

  • Go to your AWS SSO Portal URL (format https://d-XXXX.awsapps.com/start).

  • Login as you do regularly with your AWS SSO credentials.

  • Click on Cloudivize application defined by your Administrator (you can get the exact Application name from your administrator).

  • You will be directed to a landing page where you need to “Approve access to Cloudivize” before continuing to Cloudivize​.

  • You will be directed to a landing page where you need to allow Cloudivize to connect to your account. Click "Approve access to Cloudivize" this will open a new browser tab to confirm your approval.

  • At the new tab click the "Sign in to AWS CLI" to confirm your approval

    • Please ignore usage of “AWS CLI” naming at the approval page. This is AWS limitation and may change at the future to show the real application name.

  • Switch back to the approval landing page and click Continue to Cloudivize, this will open Cloudivize directly with the appropriate permission.

Users Management at SSO Mode

At Cloudivize Account Setting -> Manage Users, administrators still can see the users at this Cloudivize account. This view is not for defining or inviting users, it is just to show the SSO users that already connected to Cloudivize.

Here are more details:

  • Clearly, managing users at SSO mode done at AWS SSO Service, and not Cloudivize. Cloudivize only caches the users basic information (name, email) at first login of that user.

  • Removing any user from Manage Users view means nothing. The user can still login and the his user will be cached again

  • Changing user permission/role at AWS SSO Service reflected automatically to Cloudivize and no farther action is needed. At Cloudivize, the user gets access only to the AWs Accounts that he is granted to access.

  • When Administrator Deactivate Cloudivize Account, SSO Users of that account can not login again to Cloudivize.

  • Administrator can limit Cloudivize Role (Viewer or Author) to any User within his account as usual

Disconnect Cloudivize Account from AWS SSO

Administrator (the original user created the Cloudivize root account) can disconnect from AWS SSO and revert back to IAM role configuration.

  • From Cloudivize Account Settings unchecked SSO Account

  • Confirm

With this action (disconnecting SSO) all previous configuration will be deleted, including all users. Thus, SSO users will no longer be able to use this account or use Cloudivize anymore 

  • White Twitter Icon

Copyright © Cloudivize Technologies LTD. 2020. All Rights Reserved

See & Operate Cloud Like Never Before