- Print
- PDF
Further Steps in Profile Management
- Print
- PDF
Once you have associated Britive as the Identity Provider with the new or existing IAM roles in the onboarded AWS applications, you can now use Britive to check out and check in user profiles in the AWS application.
First, you need to create user profiles in Britive that correspond to the IAM roles in AWS. Then, you can use the check-out or check-in functionalities in Britive for checking out or checking in AWS profiles, respectively.
The following configurations can be done on each of the profiles:
- Using Session Attributes
- Configuring a Console URL
Using Session Attributes
When the AWS IAM role is configured to accept session tags, then you should create the corresponding session attributes in the Britive profile of the onboarded AWS application.
Adding Session Attributes in Britive
In Britive, you can add Session Attributes by selecting the ADD SESSION ATTRIBUTE option in the Profiles menu of the onboarded AWS tenant application.
You can add two types of attributes: Identity and Static.
The identity attribute is the Britive identity attribute of the user. For example, First Name. The value of the identity attribute depends on the specific identity value of the user that maps to the attribute. For example, if the identity attribute is First Name, then the value of the identity attribute is the First name of the user, for example, "Bob".
The Static attribute is a name-value pair.
Associating Session Attribute with AWS IAM Role
In AWS you need to associate the same session tag that you have defined in Britive with the AWS IAM role.
Perform the following steps to associate the Britive session attribute with the AWS IAM Role:
- In AWS, go to IAM > Access management > Roles.
- Select the IAM Role.
- Under Trust relationships, click Edit trust policy and enter the same session attribute mapping name, that you have defined in the profile of the onboarded AWS tenant application in Britive. Click Update policy.
- View the session attribute configuration in the policy document.
Configuring a Console URL
An administrator can specify a custom console URL for each profile for accessing the application. When the users access the console URL, they are directed to a specific URL rather than the default landing page of the AWS portal.
In Britive, you can add the console URL through the Profiles menu of the onboarded AWS tenant application.
Enter the console URL after deselecting the Use Default App Console URL field.