Configure your identity provider - AWS Transfer Family

Configure your identity provider

The following section describes how to configure your identity provider.

To begin, you must have an identity source. You can use an IAM Identity Center directory, AWS Directory Service for Microsoft Active Directory, or an external identity provider. Transfer Family uses IAM Identity Center as a federated identity provider, which is a system that stores user credentials and authenticates users across multiple organizations.

If you're not using an IAM Identity Center directory as your identity source, see the following topics:

Note

You can only have one identity source in IAM Identity Center, per AWS Region.

If you plan to use the IAM Identity Center directory as your identity source, and want a quick setup, you can skip this topic and go to Create a Transfer Family web app to create an IAM Identity Center instance from the wizard.

To configure AWS IAM Identity Center for use with Transfer Family web apps
  1. Sign in to the AWS Management Console and open the AWS IAM Identity Center console at https://console.aws.amazon.com/singlesignon/.

  2. You can create and use either an account instance or an organization instance of AWS IAM Identity Center.

    • For details about account instances, see Create an account instance of AWS IAM Identity Center. With an account instance of IAM Identity Center, you can deploy supported AWS managed applications and OpenID Connect (OIDC)-based customer managed applications. Account instances support isolated deployments of applications in a single AWS account, leveraging IAM Identity Center workforce identity and access portal features.

    • For details about organization instances, see Organization instances of IAM Identity Center. You can centrally manage the access of users and groups with a single organization instance.

  3. On the IAM Identity Center Settings page, note down your Instance ARN. You will need this value when you create an Amazon S3 Access Grant instance.

    Console screenshot from AWS IAM Identity Center showing the Settings page with the Instance ARN circled.
  4. Create one or more users (and, optionally, groups) to use with your Transfer Family web app. If you're using an IAM Identity Center directory as your identity provider, you can also add users directly from the web app itself. For more information, see Assign or add users or groups to your Transfer Family web app.
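The following script is an added example, not part of the AWS documentation, showing the CLI counterpart of steps 3 and 4: reading the Instance ARN and identity store ID from `aws sso-admin list-instances`, sanity-checking the ARN before it is pasted into the S3 Access Grants setup, and creating a user with `aws identitystore create-user`. The JSON sample, the `ssoins-` and `d-` identifiers, the account ID and the user details are constructed placeholders; the ARN format check (`arn:<partition>:sso:::instance/ssoins-` followed by 16 hex characters) is an assumption based on the shape of published examples. Real AWS calls run only when `RUN_AWS=1` is set, so the helper functions can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the AWS page): CLI counterpart of steps 3 and 4.
# Assumes AWS CLI v2 with sso-admin and identitystore permissions on the profile.

# Constructed sample mirroring the shape of `aws sso-admin list-instances`.
# All identifiers below are placeholders, not real resources.
SAMPLE_LIST_INSTANCES='{
    "Instances": [
        {
            "InstanceArn": "arn:aws:sso:::instance/ssoins-0123456789abcdef",
            "IdentityStoreId": "d-0123456789",
            "OwnerAccountId": "111122223333",
            "Status": "ACTIVE"
        }
    ]
}'

# Pull one string field out of pretty-printed CLI JSON (one key per line).
# Avoids a jq dependency; returns the first match only.
json_field() {
    # $1 = JSON text, $2 = key name
    printf '%s\n' "$1" | sed -n "s/.*\"$2\": *\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Check the Instance ARN noted from the Settings page before reusing it.
# Assumed format: arn:<partition>:sso:::instance/ssoins-<16 hex chars>
instance_arn_is_valid() {
    printf '%s\n' "$1" | grep -Eq '^arn:aws(-[a-z]+)*:sso:::instance/ssoins-[0-9a-f]{16}$'
}

# Number of instances in a list-instances response; one per Region is expected.
instance_count() {
    printf '%s\n' "$1" | grep -c '"InstanceArn"'
}

# Real calls only on request, so the script is safe to run or source offline.
if [ "${RUN_AWS:-0}" = "1" ]; then
    LIST_JSON=$(aws sso-admin list-instances --output json)
    INSTANCE_ARN=$(json_field "$LIST_JSON" InstanceArn)
    STORE_ID=$(json_field "$LIST_JSON" IdentityStoreId)

    instance_arn_is_valid "$INSTANCE_ARN" || {
        echo "unexpected Instance ARN: $INSTANCE_ARN" >&2
        exit 1
    }
    echo "Instance ARN (needed for the S3 Access Grants instance): $INSTANCE_ARN"

    # Step 4: create a user in the Identity Center directory. Placeholder values.
    aws identitystore create-user \
        --identity-store-id "$STORE_ID" \
        --user-name "transfer-user-1" \
        --display-name "Transfer User 1" \
        --name GivenName=Transfer,FamilyName=User \
        --emails Value=transfer-user-1@example.com,Type=work,Primary=true
fi
```

Run it as `RUN_AWS=1 sh configure-idc.sh` against a profile that can call `sso-admin:ListInstances` and `identitystore:CreateUser`; without `RUN_AWS` it only defines the helpers, which is useful for checking an ARN copied from the console.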