Meveto allows you to log in to your AWS Management Console. To configure Meveto as your AWS console's identity provider, you must have admin access to the AWS organization account. Start by logging in to your AWS account and then follow these steps to complete the setup.
Click the “Create Provider” button.
From the right side menu, choose “Identity providers”.
Click the “Add Provider” button.
Choose “SAML” as the provider type. Enter “Meveto”, or any name you prefer, as the name of the identity provider. Whatever you enter as the name will be required later, so note it down. The name is also case-sensitive, so pay attention to that as well. Then upload the metadata document provided by Meveto. Finally, press the “Add Provider” button.
The AWS Console requires a role when you log in to it. Meveto will need you to specify the role you would like to assume when Meveto logs you in to your AWS account. Therefore you will either need to create a new SAML 2.0 Federation role or use an existing SAML 2.0 Federation role. To create a new one, press the “Assign role” button.
Choose Create a new role.
Choose “SAML 2.0 federation” as type.
Choose the Meveto SAML provider you created in the previous steps. Make sure to choose “Programmatic and AWS Management Console access”, and then click the “Next: permissions” button.
Next, from the list of permission policies, choose one or more. When Meveto logs you in using this role, you will be able to exercise the permissions you choose here. Then press the “Next: tags” button. Define any tags you would like to identify this new role with, or you may just skip the tags.
Press “Next” again.
Next, give the new role a name. This name is case sensitive, and will be required by Meveto, exactly as you type it here. Click the “Create role” button to complete the process.
The above steps conclude what is required at AWS. Next, you will need to configure a new single sign-on identity in your Meveto dashboard. To do so, go to your Meveto dashboard, and click on the “Add Single Sign-On Identity” button. Next, choose “AWS Management Console Single Sign-On” as the service provider. Then Meveto will require you to provide the following information.
“What name did you choose for Meveto as an identity provider?” This is the name you chose in step 4 above. Remember it’s also case sensitive.
“What's your AWS account number? Enter without dashes.” This is the unique AWS account number.
“What should the name of the SSO session be?” AWS requires this value. You can enter any value here; it will appear on your AWS account when Meveto logs you in, and it helps identify your login session. The value MUST NOT HAVE any spaces. We recommend you use hyphens.
“How long should SSO session be valid for? (In seconds)” When Meveto logs you into your account, this value determines how long you can stay logged in. After this amount of time in seconds, your session will expire. AWS enforces a minimum of 900, or 15 minutes, and maximum of 43200, or 12 hours. You can leave this value blank, and it will default to 3600 or 1 hour.
“What AWS roles would you like to assume?” This is the role that you created in steps 6 through 10 above. AWS also allows you to specify multiple roles. If you define multiple roles in your Meveto dashboard (remember that you will have to create each role by following steps 6 through 10), then when Meveto logs you in to your account, AWS will present you with the list of roles you have defined and let you choose the role you want to assume for that particular session. In the Meveto integration settings here, click the “Add role” button to specify more roles. Role names are case-sensitive and must be entered exactly as you set them in step 10.
Once you have provided the above information, press the “Submit” button to complete the Meveto integration with your AWS Management Console account.
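As an added example (not Meveto's or AWS's own code), the following Python checks the values the dashboard asks for against the rules stated above, builds the role/provider ARN pairs that AWS reads from a SAML assertion, and writes out the trust policy equivalent to the console's “SAML 2.0 federation” role wizard. The account number, provider name and role names are constructed placeholders.

```python
import json
import re

# Limits stated above: AWS enforces 900..43200 seconds, defaulting to 3600.
MIN_DURATION, MAX_DURATION, DEFAULT_DURATION = 900, 43200, 3600
# Audience value AWS expects in a SAML assertion for console sign-in.
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def validate_sso_settings(account, provider_name, session_name, roles, duration=None):
    """Validate the dashboard inputs; returns the effective session duration."""
    if not re.fullmatch(r"\d{12}", account):
        raise ValueError("AWS account number must be 12 digits with no dashes")
    if not provider_name or not roles:
        raise ValueError("an identity provider name and at least one role are required")
    # No spaces allowed (hyphens recommended); \w+=,.@- is the set AWS accepts for RoleSessionName.
    if not re.fullmatch(r"[\w+=,.@-]{2,64}", session_name):
        raise ValueError("session name must be 2-64 characters with no spaces")
    duration = DEFAULT_DURATION if duration is None else int(duration)
    if not MIN_DURATION <= duration <= MAX_DURATION:
        raise ValueError(f"session duration must be {MIN_DURATION}..{MAX_DURATION} seconds")
    return duration


def saml_role_attribute(account, provider_name, roles):
    """Build the 'role-arn,provider-arn' pairs AWS reads from the SAML Role attribute.
    Names are case-sensitive, so they are used exactly as given and never normalised."""
    provider_arn = f"arn:aws:iam::{account}:saml-provider/{provider_name}"
    return [f"arn:aws:iam::{account}:role/{role},{provider_arn}" for role in roles]


def trust_policy(account, provider_name):
    """Trust policy the wizard creates for 'SAML 2.0 federation' with console access:
    only assertions from this provider, aimed at the AWS sign-in audience, may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account}:saml-provider/{provider_name}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }


if __name__ == "__main__":
    # Constructed sample values; the account number is a placeholder, not a real account.
    acct, idp, roles = "123456789012", "Meveto", ["MevetoAdmin", "MevetoReadOnly"]
    print(validate_sso_settings(acct, idp, "meveto-console-session", roles))
    print(saml_role_attribute(acct, idp, roles))
    print(json.dumps(trust_policy(acct, idp), indent=2))
```

Run it with the provider and role names exactly as typed in the AWS console; a mismatch in case produces an ARN that AWS will not resolve at sign-in.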