--- title: "Onboarding an AWS Standalone Application" slug: "onboarding-a-standalone-aws-application" updated: 2026-06-15T11:15:18Z published: 2026-06-15T11:15:18Z canonical: "docs.britive.com/onboarding-a-standalone-aws-application" --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.britive.com/llms.txt > Use this file to discover all available pages before exploring further. # Onboarding an AWS Standalone Application This section describes the steps in onboarding an AWS standalone application to Britive: 1. [Adding an AWS Standalone Application](/v1/docs/onboarding-a-standalone-aws-application#1-adding-an-aws-standalone-application) 2. [Adding an Environment Group](/v1/docs/onboarding-a-standalone-aws-application#2-adding-an-environment-group) 1. [Adding an Environment to the Environment Group](/v1/docs/onboarding-a-standalone-aws-application#21-adding-an-environment-to-the-environment-group)[](https://docs.britive.com/v1/docs/en/onboarding-a-standalone-aws-application#21nbspaddinganenvironmenttotheenvironmentgroup) --- ### 1. Adding an AWS Standalone Application Perform the following steps for adding an AWS standalone tenant application to Britive: Note: Before onboarding the application, ensure that you have completed the onboarding prerequisites mentioned in the [Prerequisites for Onboarding and Profile Access](/v1/docs/prerequisites-aws-onboarding). 1. Log in to the Britive application with administrator privileges. 2. Click **System admin > Tenant Applications**. 3. From the **Tenant Applications** page, click **Create Application**. 4. On the **Add Application** page, click the **Add (+)** sign inline to the AWS Standalone application. The **Create Application** (AWS) page is displayed. On this page, you can see two tabs: **Application** and **Settings**. 5. In the **Application** tab, enter the following values: 1. Enter the **Application Name**. 2. Enter the **Application Description** (optional step). 3. Check **Show AWS Account Numbers** if you want the AWS Account numbers to be displayed in the tenant application. 4. Under **Account Mapping**, you can choose the username or email mapping to map the username or user email, respectively, with the AWS account. 6. Click **Next**. The **Settings** tab is displayed. 7. In the **Settings**tab, enter the following values: - In the **Console Access**section, select the following: - Check the **Display programmatic access keys** to allow the user to copy the credentials to the clipboard after they check out programmatic access profiles. Users can only access the keys through CLI or scripts if the option is not selected. - Check the **Allow copy link for console URL** to allow the user to copy the console URL link after checking out the profile. - In the **Properties** section**,**enter the following values: - **Identity Provider Name** corresponds to the**Provider name** added while adding the Identity Provider to the AWS account. For more information, see [](https://docs.britive.com/v1/docs/en/configuring-identity-provider)[Configuring an Identity Provider in AWS](/v1/docs/configuring-identity-provider)[](https://docs.britive.com/v1/docs/en/configuring-identity-provider). - **Integration Role Name** corresponds to the name of the IAM role within the AWS account of the user. If the role is created with AWS Resource Path, you need to prefix the resource path without a leading slash symbol. For example: If the ARN of the role is *arn:aws:iam::0000000000:role/Security/IAM/Britive_Integration_Role2*, you need to enter *Security/IAM/Britive_Integration_Role2* in the role name. - **Duration of the backend AWS connection (in hours)**corresponds to the **Maximum Session Duration** in an IAM role within the AWS account of the user. For more information, see [](/v1/docs/en/configuring-iam-roles)[Configuring IAM Roles](/v1/docs/configuring-iam-roles)[](/v1/docs/en/configuring-iam-roles). - **Region** corresponds to the AWS region to be used for STS to generate temporary AWS access keys. - **Source Identity Attribute** corresponds to the attribute value for setting Source Identity in CloudTrail logs. Under **Advanced Settings**, select an attribute from the dropdown list to be set in CloudTrail logs. Select **None** to not set any Source Identity. Note that all Britive-managed roles used in profiles need to have ***sts:SetSourceIdentity***action in Trusted relationships. Roles that do not have this action will fail to check out. Trust Relationship configuration in AWS for defining Source Identity: ```EditTrustRelationship {   "Version":"2012-10-17",   "Statement":[      {         "Effect":"Allow",         "Principal":{            "Federated":"arn: aws : iam: : : saml-provider/Britive"         },         "Action":[            "sts : AssumeRolewithSAML",            "sts : SetSourceIdentity"         ],         "Condition":{            "StringEquals":{               "SAML: aud":"https://signin.aws. amazon.com/saml"            }         }      }   ] } ``` - **Profile Settings**: Configure the maximum session duration for profiles. You can select the duration between 15 minutes to 12 hours. This allows to setup expiration duration for each profile while creating/updating the profile up to this configured value. 8. Click **Save**. The page refreshes, and the AWS standalone application is created. To complete the onboarding process for the AWS standalone application, it is also required to create an environment and add the AWS account numbers to the environment. The environment is needed because there is no management account for the AWS standalone application. Also, you need to add an environment for each onboarded AWS standalone application. To add an environment or environment group, use the **Create Entity**button from the top right corner of the **Settings** page (which is visible after you have created the AWS standalone application in Britive). ### 2. Adding an Environment Group Perform the following steps to add an environment group to the newly created AWS standalone application in Britive: 1. From the **Settings** tab on the **Create Application** page, select **Create Entity**. 2. Enter the required values for the following fields in the **Create Environment/Environment Group**pop-up window: - **Entity Type**- You can choose an **Environment Group** (if you want to group a set of standalone AWS accounts in a specific hierarchy) or an **Environment**. Choose **Environment Group.** - **Entity Name**- Enter a name for the environment Group. - **Entity Description**- Optionally, you can enter a description for the environment group. 3. Click **Save**. The page refreshes, and the environment group is visible for the onboarded application. --- #### 2.1 Adding an Environment to the Environment Group For the **Entity Type**, if you choose an **Environment Group**, you need to add the environments within the group- an example is shown here. 1. Within the newly created **Environment Group** page (as explained in section 1.1 above), click **Create Entity**to add an environment. The **Create Environment/Environment Group**window is displayed. 2. In the **Create Environment/Environment Group**pop-up window, select the following fields and provide the required values: - **Entity Type**- In this field, choose **Environment**. - **Entity Name**- Enter a name for the environment. - **Entity Description**- Optionally, you can enter a description for the environment. 3. Click **Save**. The page refreshes, and the environment is visible within the environment group for the onboarded AWS standalone application. 4. Select **Settings**. 5. Under **Account ID**, select **Edit**. 6. Choose the AWS Account ID for the environment. 7. Click **Save and Test**. A message is displayed that the environment is correctly configured. --- #### Error Message In case you have not configured the correct AWS account ID (in step 6 above) in the **Settings** page of the environment, the **Test Failure** error message is displayed. Next, you can view the details of the newly created (onboarded) AWS standalone application and also use the scan functionality for scanning environments in the AWS account. --- *See also:* - For viewing the details of the onboarded AWS application, see [Detailed View of the Onboarded Application](/v1/docs/detailed-view-onboarded-aws-standaloneapp). - For using the scan environments functionality for an onboarded AWS standalone application, see [Scanning Environments](/v1/docs/scanning-environments-1).