Many organizations are using an external identity provider to manage user identities. With an identity provider (IdP), you can manage your user identities outside of AWS and give these external user identities permissions to use AWS resources in your AWS accounts. External identity providers (IdP), such as Okta Universal Directory, can integrate with AWS IAM Identity Center to be the source of truth for Amazon SageMaker Unified Studio.
Amazon SageMaker Unified Studio supports a single sign-on (SSO) experience with AWS IAM Identity Center authentication. Users can access Amazon SageMaker Unified Studio with their existing corporate credentials. AWS IAM Identity Center enables administrators to connect their existing external identity providers and allows them to manage users and groups in their existing identity systems such as Okta, which can then be synchronized with AWS IAM Identity Center using SCIM (System for Cross-domain Identity Management).
This post shows step-by-step guidance to set up workforce access to Amazon SageMaker Unified Studio using Okta as an external identity provider with AWS IAM Identity Center.
Prerequisites
Before you start, make sure you have:
- An AWS account with AWS IAM Identity Center enabled. It is recommended to use an organization-level AWS IAM Identity Center instance for best practices and centralized identity management across your AWS organization.
- Okta account with users and a group
- A browser with network connectivity to Okta and Amazon SageMaker Unified Studio
Solution Overview
The steps in this post are structured into the following sections:
- Enable AWS IAM Identity Center
- Create an Amazon SageMaker domain
- Set up Okta users and groups
- Configure SAML in Okta for AWS IAM Identity Center
- Configure Okta as an identity provider in AWS IAM Identity Center
- Connect AWS IAM Identity Center to Okta
- Set up automatic provisioning of users and groups in AWS IAM Identity Center
- Complete Okta Configuration
- Configure Amazon SageMaker Unified Studio for SSO
- Test the setup
- Cleanup
Enable AWS IAM Identity Center
To enable AWS IAM Identity Center, follow the instructions in Enable IAM Identity Center in the AWS IAM Identity Center User Guide.
Create an Amazon SageMaker domain
- Sign in to the AWS Management Console and navigate to the Amazon SageMaker console. To create a new Amazon SageMaker Unified Studio domain, follow the instructions in Create an Amazon SageMaker Unified Studio domain – manual setup.
- From the Amazon SageMaker domain Summary page, copy the Domain ARN and save the value as shown in Figure 1 for later use.

Figure 1: Amazon SageMaker Domain
Set up Okta users and groups
Step 1: Sign up for an Okta account
- Sign up for an Okta account, then choose the Sign up button to complete your account setup.
- If you already have an account with Okta, log in to your Okta account.
Step 2: Create Groups in Okta
- Choose Directory in the left menu and choose Groups to proceed.
- Click on Add Group and enter the name as unifiedstudio. Then choose the Save button.

Figure 2. Creating a group in Okta
Step 3: Create users in Okta
- Choose People in the left menu under the Directory section and choose +Add Person.
- Provide First name, Last name, username (email ID), and primary email. Then select I will set password and choose a first-time password. Use the Save button to create your user.
- Add more users as needed.
Step 4: Assign Groups to users
- Choose Groups from the left menu, then choose the unifiedstudio group created in Step 2.
- Use Assign People to add users to the sagemaker group. Next, use + for each user you want to add.
Configure SAML in Okta
- Log in to your Okta domain and choose Applications from the left menu. Choose Applications, then choose Browse App Catalog.
- In the search box, enter AWS IAM Identity Center, then choose the app to add the AWS IAM Identity Center app and then choose the + Add Integration button.
The following image shows the SAML app integration setup:
Figure 3. Creating a SAML app integration in Okta
- For this example, we’re creating an application called “unifiedstudio”. Under General Settings: Required, enter the following:
  - Application label = Replace IAM Identity Center with unifiedstudio and then choose Save
- Under the Sign On menu, copy the Metadata URL under the SAML 2.0 section and then open the Metadata URL in a new browser window to download the Okta identity provider metadata and save it as metadata.xml. You’ll use this for the SAML configuration in AWS IAM Identity Center to set up Okta as an identity provider. The following image shows where to find the metadata URL:

Figure 4: Downloading Okta identity provider metadata for SAML configuration
- Choose More details and copy the Sign on URL into a text file; you’ll use this for the SAML configuration in Amazon SageMaker Unified Studio.
You are now ready to move to the AWS IAM Identity Center console to create an identity provider integration for your Okta instance.
Configure Okta as an identity provider in AWS IAM Identity Center
- Sign in to the AWS IAM Identity Center console as a user with administrative privileges
- In the left navigation menu, choose Settings and then open the Identity source tab, choose Change identity source from the Actions dropdown as shown in Figure 5
Figure 5: Selecting identity source in AWS IAM Identity Center
- Under Identity source, choose External identity provider as shown in Figure 6

Figure 6: Choosing External identity provider in AWS IAM Identity Center
- You’ll need these configuration parameters for the next step. In the Configure external identity provider section, under Service provider metadata, do the following:
  - Choose Download metadata file to download the AWS IAM Identity Center metadata file and save it on your system
  - Copy these Service provider metadata values into a text file
    - IAM Identity Center Assertion Consumer Service (ACS) URL
    - IAM Identity Center issuer URL
- In the Identity provider metadata section, under IdP SAML metadata, click on Choose file and upload the metadata.xml file which you downloaded from Okta in the previous step and then choose Next as shown in Figure 7

Figure 7. Configuring Okta as Identity Provider in AWS IAM Identity Center
- After you read the disclaimer and are ready to proceed, enter ACCEPT and then choose Change identity source to complete Okta as an identity provider in IAM Identity Center.
Connect AWS IAM Identity Center to Okta
- Sign in to Okta and go to the admin console.
- In the left navigation pane, choose Applications, and then choose the Okta application called unifiedstudio which you created in the previous section
- In Sign On, choose Edit to complete the SAML configuration. Under Advanced Sign-on Settings, enter the following and then choose Save to complete configuration as shown in Figure 8.
  - For the AWS SSO ACS URL, enter the IAM Identity Center Assertion Consumer Service (ACS) URL
  - For the AWS SSO issuer URL, enter the IAM Identity Center issuer URL
  - For the Application username format, choose Okta username from the dropdown
Figure 8. Configuring Okta sign-on settings
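A pre-flight check for the SAML values exchanged in the last three sections, as an added example that is not part of the original post: it reads the Okta metadata.xml and the IAM Identity Center metadata file and confirms that the ACS URL and issuer URL typed into Okta match what IAM Identity Center published. The function names and the sample metadata (placeholder hosts and certificate bytes) are constructed for illustration, and it assumes the issuer URL shown in the console is the entityID of the downloaded file.

```python
import base64, hashlib, xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_summary(xml_text):
    """What IAM Identity Center will trust once Okta's metadata.xml is uploaded."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"  # no 'use' attribute = any purpose
             for c in kd.findall(".//ds:X509Certificate", NS)]
    prints = [hashlib.sha256(base64.b64decode(t)).hexdigest() for t in certs]  # skips line breaks
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"issuer": root.get("entityID"), "sso_urls": sso, "cert_sha256": prints}

def sp_summary(xml_text):
    """ACS URLs and issuer (entityID) from the IAM Identity Center metadata file."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service provider metadata")
    acs = [a.get("Location") for a in sp.findall("md:AssertionConsumerService", NS)]
    return {"issuer": root.get("entityID"), "acs_urls": acs}

def check_pairing(idp_xml, sp_xml, okta_acs_url, okta_issuer_url):
    """Return a list of problems; an empty list means the values line up."""
    idp, sp = idp_summary(idp_xml), sp_summary(sp_xml)
    problems = [f"not HTTPS: {u}" for u in idp["sso_urls"] + sp["acs_urls"]
                if not u.startswith("https://")]
    if not idp["cert_sha256"]:
        problems.append("IdP metadata carries no signing certificate")
    if okta_acs_url.strip() not in sp["acs_urls"]:
        problems.append("ACS URL entered in Okta is not in the IAM Identity Center metadata")
    if okta_issuer_url.strip() != sp["issuer"]:
        problems.append("issuer URL entered in Okta differs from the metadata entityID")
    return problems

# Constructed sample metadata: placeholder hosts and certificate bytes, not real values.
_CERT = base64.b64encode(b"constructed placeholder certificate").decode()
_XMLNS = 'xmlns:md="%s" xmlns:ds="%s"' % (NS["md"], NS["ds"])
SAMPLE_IDP = f"""<md:EntityDescriptor {_XMLNS} entityID="https://idp.example.com/issuer">
<md:IDPSSODescriptor><md:SingleSignOnService Location="https://idp.example.com/sso/saml"/>
<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_CERT}
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>"""
SAMPLE_SP = f"""<md:EntityDescriptor {_XMLNS} entityID="https://sp.example.com/saml/issuer">
<md:SPSSODescriptor><md:AssertionConsumerService Location="https://sp.example.com/saml/acs"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""
```

Keep the reported SHA-256 fingerprint of the Okta signing certificate with your change record so a later metadata swap is easy to spot. For XML from sources you do not control, parse with defusedxml instead of the standard library parser.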
Set up automatic provisioning of users and groups
In the AWS IAM Identity Center console, on the Settings page, locate the Automatic provisioning information box, and then choose Enable as shown in Figure 9. Copy these values to enable automatic provisioning.

Figure 9. Enabling automatic provisioning in AWS IAM Identity Center
In the Inbound automatic provisioning dialog box, copy each of the values for the following options as shown in Figure 10 and then choose Close
- SCIM endpoint
- Access token
You’ll use these values to configure provisioning in Okta in the next step.
Figure 10. Automatic provisioning configuration parameters in AWS IAM Identity Center
Complete the Okta integration
- Sign in to Okta and go to the admin console.
- In the left navigation pane, choose Applications, and then choose the Okta application called unifiedstudio which you created earlier.
- In the Provisioning tab, choose Edit to complete auto provisioning between Okta and AWS IAM Identity Center.
- Under Settings, choose Integration, then choose Configure API integration, then select Enable API integration to enable provisioning and enter the following using the SCIM provisioning values from AWS IAM Identity Center that you copied in the previous step, as shown in Figure 11:
  - For the Base URL, enter the SCIM endpoint from IAM Identity Center
  - For the API Token, enter the Access token from IAM Identity Center
  - For Import Groups, select the Import groups option
  - Then choose Test API Credentials to validate the SCIM provisioning and then choose Save.

Figure 11: Automatic provisioning configuration in Okta
- In the Provisioning tab, in the navigation pane under Settings, choose To App. Choose Edit to enable all options such as Create Users, Update User Attributes, and Deactivate Users as shown in Figure 12 and then choose Save.

Figure 12: Enabling automatic provisioning configuration in Okta
- In the Assignments tab, choose Assign, and then Assign to Groups.
- Select the unifiedstudio group, choose Assign, leave the defaults on the popup and then choose Done to complete the group assignment, as shown in Figure 13.
Figure 13: Assigning unifiedstudio group to SAML application called unifiedstudio
- In the Push Groups tab, under the Push Groups drop-down list, select Find groups by name as shown in Figure 14.

Figure 14: Choosing Okta groups to push them to AWS IAM Identity Center
- Select the unifiedstudio group, leave the Push group memberships immediately default option selected and then choose Save as shown in Figure 15.

Figure 15: Pushing Okta groups to AWS IAM Identity Center
Return to AWS IAM Identity Center, and you should be able to see the Okta group and Okta users in AWS IAM Identity Center groups and users as shown in Figure 16.

Figure 16: Okta user groups in AWS IAM Identity Center
Configure SageMaker Unified Studio for SSO
In this step, you’ll configure SSO user access to Amazon SageMaker Unified Studio for your Amazon SageMaker platform domain.
- Navigate to the Amazon SageMaker management console.
- In the left navigation menu, select Domains.
- Choose the domain from the list for which you want to configure SAML user access.
- On the domain’s details page, choose Configure next to Configure SSO user access.

Figure 17: Amazon SageMaker Unified Studio SSO configuration
- On the Choose user authentication method page, choose IAM Identity Center. With IAM Identity Center, users configured through external identity providers (IdPs) get to access the domain’s Amazon SageMaker Unified Studio. Choose Next.

Figure 18: Choosing authentication
- You can choose either Require assignments – which means you explicitly select users/groups that can access the domain – or Don’t require assignments – which allows all authorized Okta users and groups access to this domain.
- You have two options to configure how your users will access Amazon SageMaker Unified Studio with AWS IAM Identity Center federation with Okta
  - Don’t require assignments – Access will be provided to Amazon SageMaker Unified Studio based on your Okta SAML application assignments, either through group assignments or individual user assignments. For this example, when you choose the Don’t require assignments option, all the users within the unifiedstudio Okta group will have access to Amazon SageMaker Unified Studio as we have assigned the unifiedstudio Okta user group to the unifiedstudio SAML application in Okta.
  - Require assignments – You need to add either Okta users or an Okta group to the Amazon SageMaker domain as shown in step 8. In step 8, you’ll add the unifiedstudio Okta group into the Amazon SageMaker domain so that all unifiedstudio Okta group users will get access to Amazon SageMaker Unified Studio. You can also give individual Okta group users access to Amazon SageMaker Unified Studio through the Amazon SageMaker domain console by adding the SSO (Okta user) user into the domain.
  - Note that either an individual user or a group within Okta must be assigned to the AWS Identity Center application (AWS IAM Identity Center from the Okta application catalog; we renamed the application label as unifiedstudio for this example) for both the Don’t require assignments and Require assignments options.

Figure 19. Amazon SageMaker Unified Studio SAML configuration
- On the Review and save page, review your choices and then choose Save. Note that these settings are permanent once saved.

Figure 20. Review and confirm SAML configuration
- If you’ve chosen to require assignments, use Add users and groups to add SAML users and groups to your domain.

Figure 21. Adding Okta group into Amazon SageMaker domain
- Now, users will be able to access Amazon SageMaker Unified Studio using the Domain URL with their SSO credentials.
- You can explore different projects for your users and assign these projects based on your SAML user groups for fine-grained access controls. For example, you can create different SAML user groups based on their job function in Okta, assign these Okta groups to the AWS IAM Identity Center app in Okta and then assign these Okta SAML groups to respective project profiles in Amazon SageMaker Unified Studio. To perform project profile assignments to respective groups, choose the Project profiles tab, click on respective project profiles like SQL analytics, choose the Authorized users and groups tab and then choose Add and select SSO groups from the drop-down as shown in Figure 22. Finally, choose Add users and groups to complete the project profile assignment.

Figure 22. Assigning a project profile to Okta group
Test the setup
- The Amazon SageMaker Unified Studio URL can be found on the domain details page as shown in Figure 23. The first access to the Amazon SageMaker Unified Studio URL redirects you to the Okta login screen.
Figure 23. Validating Okta user access with Amazon SageMaker Unified Studio
- Copy and paste the Amazon SageMaker Unified Studio URL in your browser and enter the user credentials.
- After successful login, you will be redirected to the Amazon SageMaker Unified Studio home page.


Figure 24. SAML authenticated Amazon SageMaker Unified Studio
- Once logged in to Amazon SageMaker Unified Studio, you can assign authorization policies based on your requirements. Choose Govern, then choose Domain units and choose your SageMaker domain to select suitable authorization policies. For this example, we’re choosing the project creation policy as shown in Figure 25.



Figure 25. Amazon SageMaker Unified Studio authorization policies
- Choose Project membership policy and then choose the ADD POLICY GRANT option to assign user groups or users to the respective project. For this example, we’re choosing the project membership policy as shown in Figure 26.


Figure 26. Amazon SageMaker Unified Studio authorization policies assignment
You’ve now successfully configured single sign-on for Amazon SageMaker Unified Studio using Okta credentials through AWS IAM Identity Center.
Clean up
To avoid ongoing charges, delete the resources you created:
Conclusion
In this post, we showed you how to set up Okta as an identity provider using SAML authentication for Amazon SageMaker Unified Studio access through AWS IAM Identity Center federation. This setup allows your users to access SageMaker Unified Studio with their existing corporate credentials, eliminating the need for separate AWS accounts.
Get started by checking the Amazon SageMaker Unified Studio Developer Guide, which provides guidance on how to build data and AI applications using the Amazon SageMaker platform.