MicroStrategy ONE
Signing in to Amazon Web Services™ by Scanning a QR Code
The following steps contain only the information required to configure or use AWS with MicroStrategy Identity. The information provided is subject to change. See the appropriate third-party documentation for the latest information.
- You have administrative privileges for the AWS Management Console.
- To display a custom image on the MicroStrategy Identity login page for AWS, you must create the image to display. Supported image formats are .png, .jpeg, and .jpg files.
- The steps to determine the URL of the Identity login page for Amazon Web Services assume that you have registered your Amazon Web Services site with MicroStrategy Identity.
To Register Amazon Web Services with MicroStrategy Identity
If your AWS Management Console users are populated from an identity management (IDM) system such as Microsoft Active Directory or OpenLDAP, MicroStrategy recommends that you add users to your Identity Network by synchronizing MicroStrategy Identity with the same IDM system. This helps add user information to MicroStrategy Identity and may be easier than adding users manually or by importing a file. For steps, see Synchronizing Users from Microsoft Active Directory or Synchronizing Users from OpenLDAP.
- Log into MicroStrategy Identity Manager.
- Click Logical Gateways.
- Under Web Application Login, click More, then click Amazon Web Services.
- To change the image that is displayed on the AWS Management Console login page, click Import An Icon. Select an image to display, then click Open.
- In the Enter Display Name field, provide a name to display for the AWS Management Console login page. The name can be up to 30 characters long.
- If the users in your Identity Network are added from Microsoft Active Directory (see Synchronizing Users from Microsoft Active Directory), you can enable users to sign in to AWS by typing their Active Directory user name and password, rather than scanning a QR code. For example, if not all users in your network have access to a smartphone, you can enable users to sign in with their user name and password. To do this, select the Enable user name and password as a login option check box.
- Download the MicroStrategy Identity provider metadata file. The metadata includes a configuration .xml file that AWS uses to automatically configure the settings for connecting to MicroStrategy Identity. Note the location on your computer where the metadata.xml file is saved.
- In a new browser window or tab, log in to your AWS Management Console with an administrative account.
- Open the AWS Identity and Access Management section, then open the Identity Providers tab. Create a new Identity Provider with the following values:
  - Provider type: Select the SAML option.
  - Provider name: Type a name for the MicroStrategy Identity provider.
  - Metadata document: Upload the MicroStrategy Identity provider metadata that you downloaded from MicroStrategy Identity Manager.
- From the AWS Identity and Access Management section, open the Roles tab. Create a new Role with the following values:
  - Role name: Type a role name.
  - Role type: Select Role for Identity Provider Access, then select Grant Web Single Sign-On (Web SSO) access to SAML providers.
  - SAML provider: Select the MicroStrategy Identity provider that you created.
  - Attach policy: Select the policy that controls what access permissions you want to grant to the users who log into the AWS Management Console with MicroStrategy Identity. See your Amazon documentation for more information.
- Locate the Amazon Resource Names (ARNs) for the Role and Identity Provider that you created. To do this, from the Identity and Access Management section of your AWS Management Console, do the following:
  - In the Roles tab, open the role that you created. Note the value for Role ARN.
  - In the Identity Providers tab, open the MicroStrategy Identity provider that you created. Note the value for Provider ARN.
- In MicroStrategy Identity Manager, click Next.
- In the SAML attribute consuming service, locate the attribute that has the SAML Attribute Name of https://aws.amazon.com/SAML/Attributes/Role. In the Sample/Value field for this attribute, type the ARNs for the Role and the Identity Provider, separated by a comma. Type the values in the format RoleARN,ProviderARN.
- Click Next. The URL for the login page to your AWS Management Console is displayed. You can distribute this URL to users in your network.
- Click Done.
AWS users can log in to the AWS Management Console by scanning a QR code using the MicroStrategy Badge app on their smartphone.
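A pre-flight check for the RoleARN,ProviderARN value typed into the Sample/Value field in the steps above, as an added example that is not MicroStrategy or AWS code. The function names, account ID, and role and provider names are constructed for illustration, and the optional trust-policy check assumes the role's trust policy has the usual SAML federation shape (a Federated principal allowed sts:AssumeRoleWithSAML).

```python
import re

# Constructed sample values: the account ID and names are placeholders.
ROLE = "arn:aws:iam::123456789012:role/IdentityConsoleAccess"
PROVIDER = "arn:aws:iam::123456789012:saml-provider/ExampleIdentity"

ROLE_RE = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}):role/[\w+=,.@/-]+$")
PROVIDER_RE = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}):saml-provider/[\w.-]+$")


def check_role_attribute(value, trust_policy=None):
    """Return a list of problems with a 'RoleARN,ProviderARN' attribute value."""
    problems = []
    if re.search(r"\s", value):
        problems.append("whitespace in value")
        value = re.sub(r"\s+", "", value)
    # Provider names cannot contain commas but role names can: split on the last one.
    role_arn, sep, provider_arn = value.rpartition(",")
    if not sep:
        return problems + ["expected two ARNs separated by a comma"]
    role, provider = ROLE_RE.match(role_arn), PROVIDER_RE.match(provider_arn)
    if not role:
        problems.append("first value is not an IAM role ARN")
    if not provider:
        problems.append("second value is not a SAML provider ARN")
    if role and provider and role.group(1) != provider.group(1):
        problems.append("role and provider are in different accounts")
    if trust_policy is not None and provider and not trusts_provider(trust_policy, provider_arn):
        problems.append("role trust policy does not allow this provider")
    return problems


def trusts_provider(policy, provider_arn):
    """True if a statement allows sts:AssumeRoleWithSAML for provider_arn."""
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for st in statements:
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = st.get("Principal")
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        federated = [federated] if isinstance(federated, str) else federated
        if (st.get("Effect") == "Allow" and "sts:AssumeRoleWithSAML" in actions
                and provider_arn in federated):
            return True
    return False
```

An empty list means the value matches the format the procedure asks for; a trust-policy mismatch usually means the role was created against a different identity provider than the one named in the attribute.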
To Determine the MicroStrategy Identity Login Page URL for Amazon Web Services
Amazon Web Services (AWS) users can log in to the AWS Management Console by navigating to the MicroStrategy Identity single sign-on web portal, or by navigating to the Identity login page URL for AWS.
- Log into MicroStrategy Identity Manager.
- Click Logical Gateways.
- Under Web Application Login, click Edit next to the AWS site whose login page URL you want to determine.
- Click Configure Information for Your App. The URL for the login page to your AWS Management Console is displayed. You can distribute this URL to users in your network.
Related Topics
Signing in to MicroStrategy Identity-Enabled Web Applications from a Centralized Website