Our AWS integration uses a dedicated Amazon Web Service based connector for managing AWS services.
We use SCIM protocols to connect to your AWS instance using REST APIs.
Account in AWS
IDHub pulls all AWS user account information from your AWS Instance.
User Account attribute we fetch includes (but not limited to):
- First Name
- Last Name
- Display Name
- Email-Addresses (As a unique identifier)
Our customers can choose to fetch any other attributes apart from the above as per their individual needs. With our Attribute based Access Control (ABAC), you can decide which information will be used on new user creation and which ones on user modifications.
Entitlements in AWS
IDHub AWS Connector pulls only 2 types of entitlement from AWS for provisioning and de-provisioning.
Employees of your organization can request for these as needed.
As part of AWS connector, we establish connection with AWS to fetch all aws groups.
All the above groups pulled are considered as ‘Entitlements’
Users will be able to request for these from IDHub.
Upon completion of approvals based on request workflow defined by you on a particular group, the users will automatically get access to the requested group by our automated fulfillment, thus automatically providing associated policy access.
As part of AWS connector, we also fetch all aws policies. These are also ‘Entitlements’ in IDHub.
Users will be able to request for these individually from IDHub.
Upon completion of approvals based on request workflow defined by you on a particular policy, the users will automatically get access to the requested policy by our automated fulfillment.
Note: If a policy is directly requested and not via a group, then on revocation of group, policy will not be removed from the user account as that was requested explicitly outside of group based policy access.
Support and Maintenance
IDHub provides out of the box connector issue support and timely maintenance as a standard quality guarantee for all of our customers having our Cloud solution. However, any customization made to existing connectors requires managed services support plan for support and maintenance.