Device-based trust providers for Verified Access
You can use device trust providers with AWS Verified Access. You can attach one or more device trust providers to a Verified Access instance.
Supported device trust providers
The following device trust providers can be integrated with Verified Access:
Create a device-based trust provider
Follow these steps to create and configure a device trust provider to use with Verified Access.
To create a Verified Access device trust provider (AWS console)
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Verified Access trust providers, and then choose Create Verified Access trust provider.
3. (Optional) For Name tag and Description, enter a name and description for the trust provider.
4. For Policy reference name, enter an identifier that you will use later when writing policy rules.
5. For Trust provider type, select Device identity.
6. For Device identity type, choose Jamf, CrowdStrike, or JumpCloud.
7. For Tenant ID, enter the identifier of the tenant application.
8. (Optional) For Public signing key URL, enter the unique key URL shared by your device trust provider. (This parameter is not required for Jamf, CrowdStrike, or JumpCloud.)
9. Choose Create Verified Access trust provider.
Note
You must add a redirect URI to your OIDC provider's allowlist. Use the DeviceValidationDomain of the Verified Access endpoint for this purpose. You can find it in the AWS Management Console, under the Details tab for your Verified Access endpoint, or by using the AWS CLI to describe the endpoint. Add the following to your OIDC provider's allowlist:
https://DeviceValidationDomain/oauth2/idpresponse
To create a Verified Access device trust provider (AWS CLI)
Use the create-verified-access-trust-provider command.
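The console steps and the note above map onto one API call plus one lookup. The following is an added example (not AWS code) that builds the request parameters for the create call with boto3 and derives the allowlist redirect URI from a describe-endpoints response; the tenant ID, endpoint ID and domain values are placeholders.

```python
"""Build a Verified Access device trust provider request and the OIDC
redirect URI. Added example, not AWS documentation code."""

# Device identity types offered in the console; none of them needs a public signing key URL.
DEVICE_TYPES_WITHOUT_KEY_URL = {"jamf", "crowdstrike", "jumpcloud"}


def device_trust_provider_request(policy_reference_name, device_type, tenant_id,
                                  public_signing_key_url=None, description=None):
    """Return kwargs for ec2.create_verified_access_trust_provider (boto3)."""
    device_type = device_type.lower()
    if device_type not in DEVICE_TYPES_WITHOUT_KEY_URL:
        raise ValueError(f"unsupported device identity type: {device_type}")
    device_options = {"TenantId": tenant_id}
    # Optional for these providers, so only send it when the caller supplies one.
    if public_signing_key_url:
        device_options["PublicSigningKeyUrl"] = public_signing_key_url
    request = {
        "TrustProviderType": "device",
        "DeviceTrustProviderType": device_type,
        "PolicyReferenceName": policy_reference_name,  # referenced later in policy rules
        "DeviceOptions": device_options,
    }
    if description:
        request["Description"] = description
    return request


def oidc_redirect_uri(describe_endpoints_response):
    """Derive the allowlist entry from a describe-verified-access-endpoints response."""
    endpoints = describe_endpoints_response["VerifiedAccessEndpoints"]
    if len(endpoints) != 1:
        raise ValueError("expected exactly one endpoint in the response")
    domain = endpoints[0]["DeviceValidationDomain"]
    return f"https://{domain}/oauth2/idpresponse"


# Constructed sample of a describe-verified-access-endpoints response (placeholder values).
SAMPLE_DESCRIBE = {"VerifiedAccessEndpoints": [
    {"VerifiedAccessEndpointId": "vae-EXAMPLE_PLACEHOLDER",
     "DeviceValidationDomain": "example-endpoint.EXAMPLE.verified-access.amazonaws.com"}]}

if __name__ == "__main__":
    import boto3  # only needed for the live calls below
    ec2 = boto3.client("ec2")
    created = ec2.create_verified_access_trust_provider(
        **device_trust_provider_request("jamf_devices", "jamf", "TENANT_ID_PLACEHOLDER"))
    print(created["VerifiedAccessTrustProvider"]["VerifiedAccessTrustProviderId"])
    live = ec2.describe_verified_access_endpoints(
        VerifiedAccessEndpointIds=["vae-EXAMPLE_PLACEHOLDER"])
    print("allowlist:", oidc_redirect_uri(live))
```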
Modify a device-based trust provider
After you create a trust provider, you can update its configuration.
To modify a Verified Access device trust provider (AWS console)
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Verified Access trust providers.
3. Select the trust provider.
4. Choose Actions, then select Modify Verified Access trust provider.
5. Modify the description as needed.
6. (Optional) For Public signing key URL, modify the unique key URL shared by your device trust provider. (This parameter is not required if your device trust provider is Jamf, CrowdStrike, or JumpCloud.)
7. Choose Modify Verified Access trust provider.
To modify a Verified Access device trust provider (AWS CLI)
Use the modify-verified-access-trust-provider command.
Delete a device-based trust provider
When you are finished with a trust provider, you can delete it.
To delete a Verified Access device trust provider (AWS console)
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Verified Access trust providers.
3. Under Verified Access trust providers, select the trust provider you want to delete.
4. Choose Actions, then select Delete Verified Access trust provider.
5. When prompted for confirmation, enter delete, and then choose Delete.
To delete a Verified Access device trust provider (AWS CLI)
Use the delete-verified-access-trust-provider command.