AWS integrations

Prev Next

Available in Classic and VPC

This section describes how to integrate AWS accounts with NAVER Cloud Platform accounts. You can log in to the NAVER Cloud Platform console with AWS accounts and use the services of NAVER Cloud Platform within the permissions granted to the user.

The sequence of integrating NAVER Cloud Platform accounts and AWS accounts is as follows:

1. Download metadata from AWS.
2. Register external IdP information from NAVER Cloud Platform.
3. Configure AWS authentication.
4. Configure NAVER Cloud Platform authentication.
5. Verify integrations.

1. Download metadata from AWS

To download metadata from AWS:

  1. Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center.
  2. On the left side of the interface, click Assign application > Application > [Add application]
  3. Proceed to click on Add custom SAML 2.0 application, then click the [Next]
  4. Click the Download link for the IAM Identity Center SAML metadata file located in the IAM Identity Center metadata component. 
  5. Confirm the file downloaded to the user's PC.

2. Register external IdP information from NAVER Cloud Platform

To register external IdP information from NAVER Cloud Platform:

  1. From the NAVER Cloud Platform console, navigate to i_menu > Services > Management & Governance > Ncloud Single Sign-On.
  2. In the Tenant menu, click [Register external IdP].
  3. In the Metadata item, paste the metadata information downloaded from 1. Download metadata from AWS, then click the [Save].
    • The sub-information will be entered automatically.
  4. Click the [Register].

3. Configure AWS authentication

This section describes how to configure the necessary settings for authentication after adding a SAML application and users in AWS for integration with NAVER Cloud Platform.

Add SAML 2.0 application

To add a SAML 2.0 application in AWS:

  1. Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center.
  2. On the left side of the interface, click Assign application > Application > [Add application]
  3. Proceed to click on Add custom SAML 2.0 application, then click the [Next]
  4. Click on Manual entry of metadata values in the Application metadata component.
  5. In Application ACS URL, input the Assertion Consumer Service (ACS) URL information copied from Copy SAML integration information.
  6. In Application SAML target, input the Issuer URL information copied from Copy SAML integration information.
  7. Click the [Submit].
  8. After assigning users to the application, configure attribute mapping.

Copy SAML integration information

To integrate Ncloud Single Sign-On and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.

To confirm the ACS URL and Issuer URL of NAVER Cloud Platform:

  1. From the NAVER Cloud Platform console, navigate to i_menu > Services > Management & Governance > Ncloud Single Sign-On.
  2. Copy the following information from the External IdP Metadata component in the Tenant menu:
    • Assertion Consumer Service (ACS) URL
    • Issuer URL
    • Login URL

Add AWS users

To add users in AWS:

  1. Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center.
  2. Click the Users > [Add user].
  3. Enter user information, and then click the [Next].
  4. To include the respective user in a specific group, select the group and then click the [Next].
    • If you wish not to assign to any group, do not select any group and click the [Next].  
  5. Confirm the user information, and then click the [Add user].

Assign users to an application

To assign users to an application in AWS:

  1. Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center.
  2. Click Assign application > application, and then click on the created application.  
  3. Click the [Assign users].
  4. Click the checkbox for the user, and then click the [Assign users].

Configure attribute mapping

To map user profiles of AWS with those of Ncloud Single Sign-On, this defines the user properties information to be forwarded from AWS to NAVER Cloud Platform.

Note

This guide describes the user property information primarily used in authentication, which are FirstName, LastName, and Email.

To define user attribute information in AWS:

  1. Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center.
  2. Click Assign application > application, and then click on the created application.  
  3. In the details component, click the [Task] > [Edit attribute mapping].
  4. To receive the necessary FirstName, LastName, and Email values for authentication, enter the fields.
    sso-aws_attributemapping_ko.png
  5. Click the [Save changes].
    • You will be redirected to the application's details interface.
Note

For more information, see Attribute mappings provided by AWS. 

4. Configure NAVER Cloud Platform authentication

This section describes how to register the AWS account to be integrated on the NAVER Cloud Platform console and then map user profiles.

Configure attribute mapper

To link the user property information set in AWS to the user property information of Ncloud Single Sign-On service:

  1. From the NAVER Cloud Platform console, navigate to i_menu > Services > Management & Governance > Ncloud Single Sign-On.
  2. Click the [Attribute mapper].
  3. When the attribute mapper interface appears, enter the registered content in Configure attribute mapping in External IdP parameter.
  4. In sync mode, set the user profile update method.
    • None: Do not update user profile.
    • Import: Update user profiles only at first login.
    • Force: Update the user profile at every login.
  5. Click the [Save].

Add SSO user

You need to create an SSO user in the Ncloud Single Sign-On service using the email information of the user created in the Add AWS users step.

To add an SSO user in Ncloud Single Sign-On on NAVER Cloud Platform:

  1. From the NAVER Cloud Platform console, navigate to i_menu > Services > Management & Governance > Ncloud Single Sign-On.
  2. Click External IdP login > Users > [Create user].
  3. Enter the email address of the user created in Add AWS users in login ID, then click the [Create]
Note

For more information about how to create an SSO user in Ncloud Single Sign-On, see Users.

5. Verify integrations

To verify if the AWS account and NAVER Cloud Platform account are integrated:

  1. From the NAVER Cloud Platform console, navigate to i_menu > Services > Management & Governance > Ncloud Single Sign-On.
  2. Copy the Login URL from the Tenant menu, then access the URL.
    • The SSO role switch interface appears.
  3. Click the [Console access] or [API access] on the SSO role switch interface.
    • Depending on the access type set for the logged-in SSO user, the [Console access] or [API Gateway access] button appears.
  4. Click Services > Management & Governance > Ncloud Single Sign-On > External IdP login > User.
  5. Click the [Profile] tab in the details of the logged-in SSO user, then check if the user profile has been updated.