- Print
- PDF
Integrating with AWS
- Print
- PDF
Available in Classic and VPC
This section describes how to integrate AWS accounts with NAVER Cloud Platform accounts. You can log in to NAVER Cloud Platform console with AWS accounts and use the services of NAVER Cloud Platform within the permissions granted to the user.
The sequence of integrating NAVER Cloud Platform accounts and AWS accounts is as follows:
1. Download metadata from AWS
2. Register external IdP information on NAVER Cloud Platform
3. Configure AWS authentication
4. Configure NAVER Cloud Platform authentication
5. Verify integration
1. Download metadata from AWS
The method for downloading metadata from AWS is as follows:
- Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center menu by clicking on it.
- On the left side of the page, click the Assign application > Application > [Add application] button.
- Proceed to click on Add custom SAML 2.0 application, then click the [Next] button.
- Click the Download link for the IAM Identity Center SAML metadata file located in the IAM Identity Center metadata section.
- Confirm the file downloaded to the user’s PC.
2. Register external IdP information on NAVER Cloud Platform
The following describes how to register external IdP information on NAVER Cloud Platform.
- Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
- Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
- In the Tenant menu, click the [Register External IdP] button.
- In the Metadata section, paste the metadata information downloaded from 1. Download metadata from AWS, then click the [Save] button.
- The sub-information will be entered automatically.
- Click the [Register] button.
3. Configure AWS authentication
This section describes how to configure necessary settings for authentication after adding a SAML application and users in AWS for integration with NAVER Cloud Platform.
Add SAML 2.0 application
The following shows how to add a SAML 2.0 application in AWS.
- Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center menu by clicking on it.
- On the left side of the page, click the Assign application > Application > [Add application] button.
- Proceed to click on Add custom SAML 2.0 application, then click the [Next] button.
- Click on Manual entry of metadata values in the Application metadata section.
- In Application ACS URL, input the Assertion Consumer Service (ACS) URL information copied from Copy SAML integration information.
- In Application SAML target, input the Issuer URL information copied from Copy SAML integration information.
- Click the [Submit] button.
- After assigning users to the application, configure the Attribute Mapping.
- For how to add users, see Add AWS users.
- For how to assign users to the application, see Assign users to application.
- For how to configure Attribute Mapping, see Configure Attribute Mapping.
Copy SAML integration information
To integrate Ncloud Single Sign-On service and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.
The following describes how to confirm the ACS URL and Issuer URL of NAVER Cloud Platform.
- Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
- Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
- Copy the following information from the External IdP Metadata section in the Tenant menu.
- Assertion Consumer Service (ACS) URL
- Issuer URL
- Login URL
Add AWS users
The following describes how to add users in AWS.
- Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center menu by clicking on it.
- Click the Users > [Add user] button.
- Enter user information, and then click the [Next] button.
- To include the respective user in a specific group, select the group and then click the [Next] button.
- If you wish not to assign to any group, do not select any group and click the [Next] button.
- Confirm the user information, and then click the [Add user] button.
Assign users to the application
The following describes how to assign users to an application in AWS.
- Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center menu by clicking on it.
- Click the Assign application > application menu, and then click on the created application.
- Click the [Assign users] button.
- Click the checkbox for the user, and then click the [Assign users] button.
Configure Attribute Mapping
To map user profiles of AWS with Ncloud Single Sign-On service, this defines the user attribute information to be transferred from AWS to NAVER Cloud Platform.
This guide explains the user attribute information primarily used in authentication, which are FirstName, LastName, Email.
The following shows how to define user attribute information in AWS.
Log in to the AWS console and navigate to Services > Security, Credentials & Compliance > IAM Identity Center menu by clicking on it.
Click the Assign application > application menu, and then click on the created application.
In the details area, click the [Task] > [Edit Attribute Mapping] button.
To receive the necessary FirstName, LastName, Email values for authentication, enter the fields.
Click the [Save changes] button.
- You will be redirected to the application’s details page.
For more information, see Attribute mappings provided by AWS.
4. Configure NAVER Cloud Platform authentication
This section describes how to register the AWS account to be integrated with NAVER Cloud Platform console and then map user profiles.
Configure Attribute Mapper
The following shows how to link user attribute information set in AWS to user attribute information of Ncloud Single Sign-On service.
- Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
- Click Services > Management & Governance > Ncloud Single Sign-On menus, in that order.
- Click the Tenant menu.
- Click the [Attribute Mapper] button.
- When the Attribute Mapper page appears, enter the registered content in Configure Attribute Mapping in External IdP Parameter.
- In Sync mode, set the user profile update method.
- None: the user profile is not updated.
- Import: the user profile is updated only upon first login.
- Force: the user profile is updated at every login.
- Click the [Save] button.
Add SSO User
You need to create an SSO User in the Ncloud Single Sign-On service using the email information of the user created in the Add AWS users step.
The following describes how to add an SSO User in Ncloud Single Sign-On service on NAVER Cloud Platform.
- Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
- Click Services > Management & Governance > Ncloud Single Sign-On menus.
- Click External IdP login > Users > [Create User] button.
- Enter the email address of the user created in Add AWS users in login ID, then click the [Create] button.
For how to create an SSO User in Ncloud Single Sign-On service, see Users.
5. Verify integration
The following describes how to verify if the AWS account and NAVER Cloud Platform account are integrated.
- Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
- Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
- Copy the Login URL from the Tenant menu, then access the URL.
- The SSO role switch page will appear.
- Click the [Console access] or [API access] button on the SSO role switch page.
- Depending on the access type set for the logged-in SSO User, the [Console access] or [API Gateway access] button will appear.
- Click the Services > Management & Governance > Ncloud Single Sign-On > External IdP login > User menu.
- Click the [Profile] tab in the detailed information of the logged-in SSO User, then check if the user profile has been updated.