Cloud Security
Published in

Cloud Security

AWS SCIM and AWS IAM Identity Center

AWS.151 Taking a look at AWS SCIM options

AWS SCIM Documentation

Where do your identities end up when you use AWS SCIM per the AWS documentation?

  • The first option would be to store all your users in a directory at AWS. I explained what directories are in my post on identity providers (IdPs).
  • I could change this here to an External Identity Provider and choose to integrate with Okta, for example.
  • There’s also an option to integrate with Active Directory, which technically could be an External Identity Provider as well, but AWS offers different mechanisms for using Active Directory in or with your AWS account.

Using an IdP With AWS IAM

AWS SCIM Attack Surface

  • Create a user in Okta
  • Obtain the credentials
  • Assign the user to a group in Okta
  • Wait for the SCIM syncing process to complete.
  • Log into AWS and do whatever that user based on the group permissions?

Concerns with AWS Identity Center and Okta Integration via SCIM

for this story or refer others to follow me.
Follow on Medium: Teri Radichel
Sign up for Email List: Teri Radichel
Follow on Twitter: @teriradichel
Follow on Mastodon:
Follow on Post: @teriradichel
Like on Facebook: 2nd Sight Lab
Buy a Book: Teri Radichel on Amazon
Buy me a coffee:
Teri Radichel
Request services via LinkedIn:
Teri Radichel or through IANS Research
Slideshare: Presentations by Teri Radichel
Speakerdeck: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Sofware Engineering, Master of Infosec
How I got into security: Woman in tech
Company (Penetration Tests, Assessments, Training): 2nd Sight Lab



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Teri Radichel

Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN | AWS Hero | Infragard | IANS Faculty |