# Azure AD SSO Automate - AWS

Repository: https://github.com/bervProject/AzureADxAWSIntegrator (C#, MIT license)

## Flow

### General Flow

```mermaid
flowchart LR
    subgraph azuread[Azure AD]
        aad1[Settings Enterprise Application] --> aad2[Download XML Federation]
    end
    subgraph aws[AWS]
        aad2 --> aws1[Settings Identity Provider]
        aws1 --> aws2[Add/Create Role]
    end
```

### Flow (Technical Terms)

```mermaid
flowchart TD
    subgraph azuread[Azure AD]
        aad1[Create Enterprise App from Templates] --> aad2[Update Service Principal & App Registration to use SAML]
        aad2 --> aad3[Configure Service Principal Roles]
        aad3 --> aad4[Configure Claim Mapping Policies & Assign to Service Principal]
        aad4 --> aad5[Configure Signing Certificates for Service Principal]
        aad5 --> aad6[Optional - Configure User & Assign to a role]
    end
    subgraph aws[AWS]
        aad5 --> aws1[Add/Get SAML Provider]
        aws1 --> aws2[Create/Update Role to be assigned with SAML Provider]
    end
```

## Setup Project

### Environment Variables

```bash
## For the Console App/Business Flow, planned to be removed
AWS_ACCOUNT_ID=
## For AWS SDK
AWS_PROFILE=
# For Azure AD / Microsoft Graph
CLIENT_ID=
CLIENT_SECRET=
TENANT_ID=
```

**Note/Details**:

1. See [here](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html) for configuring the AWS SDK credentials.
   1. Currently the tool only changes the IAM identity provider and IAM roles. Make sure your credentials allow you to create/update them.
2. See [here](https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#client-credentials-provider) for configuring the Microsoft Graph SDK credentials.
   1. Make sure the credentials have these permissions: `Application.ReadWrite.All`, `AppRoleAssignment.ReadWrite.All`, `Policy.Read.All`, `Policy.ReadWrite.ApplicationConfiguration`, and `User.ReadWrite.All`.
   2. These are tenant-wide application permissions (`Application.ReadWrite.All` alone lets the client add credentials to any app registration in the tenant), so use a dedicated app registration for this tool, keep `CLIENT_SECRET` out of the repository, and rotate it once the run is done.

### Dependencies & Tools

1. [Redis Stack](https://redis.io/docs/stack/) - stores temporary data and will be used as the main database
   1. Recommended: [Redis Docker](https://redis.io/docs/stack/get-started/install/docker/)
2. [.NET 7](https://dotnet.microsoft.com/en-us/download/dotnet/7.0)
3. Your IDE
   1. I recommend [Visual Studio](https://visualstudio.microsoft.com/) or [Rider](https://www.jetbrains.com/rider/).

### Run Project

```bash
dotnet run --project AzureADAutomate
```

## Version

This project is still in beta testing.

## Roadmap for Next Iteration

### Version 1

- [ ] Remove AWS Account ID from the environment variables and take it from input instead
- [ ] Consider existing Enterprise Apps and re-configure existing apps

### Version 2

- [ ] Communication through REST API & event-driven messaging

## Presentation

- [Introduction - Case Study: Connecting Azure AD SSO with AWS](https://docs.google.com/presentation/d/1Ipis0cnnzbUQnikzyDZ5ZX2C3bE-jsFVLGk7co3Ttvo/edit?usp=sharing)

## Resources

### Main Resources

#### Azure AD (AAD)

- [Tutorials/Documentation from Microsoft](https://learn.microsoft.com/en-us/graph/application-saml-sso-configure-api?tabs=csharp)
- Permissions `Application.ReadWrite.All`, `AppRoleAssignment.ReadWrite.All`, `Policy.Read.All`, `Policy.ReadWrite.ApplicationConfiguration`, and `User.ReadWrite.All`.
- [App List Dashboard](https://myapps.microsoft.com/)

#### AWS

- [Simple cross-platform application using the AWS SDK for .NET](https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/quick-start-s3-1-cross.html)
- [AmazonIdentityManagementServiceClient](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/IAM/TIAMServiceClient.html)
- [AmazonIdentityManagementServiceClient.CreateSAMLProvider](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/IAM/MIAMServiceCreateSAMLProviderCreateSAMLProviderRequest.html)
- [AmazonIdentityManagementServiceClient.AttachRolePolicy](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/IAM/MIAMServiceAttachRolePolicyAttachRolePolicyRequest.html)
- [AmazonIdentityManagementServiceClient.CreatePolicy](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/IAM/MIAMServiceCreatePolicyCreatePolicyRequest.html)

### Setup SSO Manually - Single Account

![Single Account](./images/azureadxaws.drawio.png)

- https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/amazon-web-service-tutorial

### Setup SSO Manually - Multiple Accounts

![Multiple AWS Account](./images/azureadxaws-1.drawio.png)

- https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/aws-multi-accounts-tutorial

### Another Topic - Provisioning

- https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/application-provisioning-configuration-api

### Other Code Samples

- https://learn.microsoft.com/en-us/samples/azure-samples/ms-identity-dotnetcore-galleryapp-management/automate-saml-based-sso-app-configuration-using-ms-graph-api-sdk-net/

### Tools/SDK Documentation

- [Microsoft Graph Client](https://learn.microsoft.com/en-us/graph/sdks/create-client?tabs=CS)
- [Authentication Provider for MS Graph](https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#client-credentials-provider)

## License

MIT
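## Added Example: AWS Half of the Flow in C#

The two AWS steps of the technical flow ("Add/Get SAML Provider" and "Create/Update Role to be assigned with SAML Provider") are shown below as an added example written for this page with the AWS SDK for .NET; it is not code from the AzureADxAWSIntegrator project. The security-relevant detail it makes explicit is the role's trust policy: the role must allow only `sts:AssumeRoleWithSAML` from the one SAML provider that represents the Azure AD enterprise app, with `SAML:aud` pinned to `https://signin.aws.amazon.com/saml`, and all permissions come from a separately attached policy. The provider name `AzureAD`, the role name `AzureAD-ReadOnly`, the `ReadOnlyAccess` managed policy and the metadata file path in `args[0]` are assumptions for illustration; the package is `AWSSDK.IdentityManagement` and credentials come from the default chain (`AWS_PROFILE`).

```csharp
// Added example (not the project's code): AWS side of Azure AD -> AWS SAML federation.
// Assumes the AWSSDK.IdentityManagement NuGet package and credentials from the default
// chain (AWS_PROFILE). Provider/role/policy names below are illustrative assumptions.
using System;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Amazon.IdentityManagement;
using Amazon.IdentityManagement.Model;

public static class AwsSamlFederation
{
    // Every SAML assertion issued for the AWS sign-in endpoint carries this audience; pinning it
    // in the trust policy rejects assertions the IdP minted for some other relying party.
    private const string AwsSamlAudience = "https://signin.aws.amazon.com/saml";

    // Trust policy that binds the role to exactly one SAML provider (the Azure AD enterprise app).
    public static string BuildTrustPolicy(string samlProviderArn) => $$"""
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Federated": "{{samlProviderArn}}" },
              "Action": "sts:AssumeRoleWithSAML",
              "Condition": { "StringEquals": { "SAML:aud": "{{AwsSamlAudience}}" } }
            }
          ]
        }
        """;

    // "Add/Get SAML Provider": reuse an existing provider and refresh its metadata (this is how a
    // rotated Azure AD signing certificate reaches AWS); otherwise create it from the federation XML.
    public static async Task<string> EnsureSamlProviderAsync(
        IAmazonIdentityManagementService iam, string providerName, string federationMetadataXml)
    {
        var existing = (await iam.ListSAMLProvidersAsync(new ListSAMLProvidersRequest()))
            .SAMLProviderList
            .FirstOrDefault(p => p.Arn.EndsWith(":saml-provider/" + providerName, StringComparison.Ordinal));

        if (existing != null)
        {
            await iam.UpdateSAMLProviderAsync(new UpdateSAMLProviderRequest
            {
                SAMLProviderArn = existing.Arn,
                SAMLMetadataDocument = federationMetadataXml,
            });
            return existing.Arn;
        }

        var created = await iam.CreateSAMLProviderAsync(new CreateSAMLProviderRequest
        {
            Name = providerName,
            SAMLMetadataDocument = federationMetadataXml,
        });
        return created.SAMLProviderArn; // contains the account id, so AWS_ACCOUNT_ID is not needed
    }

    // "Create/Update Role to be assigned with SAML Provider": create the role with the trust policy,
    // or rewrite an existing role's trust policy so it points at this provider, then attach the
    // permissions policy. Permissions live only in the attached policy, never in the trust policy.
    public static async Task<string> EnsureFederatedRoleAsync(
        IAmazonIdentityManagementService iam, string roleName, string samlProviderArn, string managedPolicyArn)
    {
        string trustPolicy = BuildTrustPolicy(samlProviderArn);
        string roleArn;
        try
        {
            var role = await iam.GetRoleAsync(new GetRoleRequest { RoleName = roleName });
            await iam.UpdateAssumeRolePolicyAsync(new UpdateAssumeRolePolicyRequest
            {
                RoleName = roleName,
                PolicyDocument = trustPolicy,
            });
            roleArn = role.Role.Arn;
        }
        catch (NoSuchEntityException)
        {
            var created = await iam.CreateRoleAsync(new CreateRoleRequest
            {
                RoleName = roleName,
                AssumeRolePolicyDocument = trustPolicy,
                Description = "Assumed via Azure AD SAML federation",
                MaxSessionDuration = 3600, // one hour (the IAM default); renewal requires a new assertion
            });
            roleArn = created.Role.Arn;
        }

        // AttachRolePolicy is idempotent when the policy is already attached.
        await iam.AttachRolePolicyAsync(new AttachRolePolicyRequest
        {
            RoleName = roleName,
            PolicyArn = managedPolicyArn,
        });
        return roleArn;
    }

    public static async Task Main(string[] args)
    {
        // args[0]: path to the federation metadata XML downloaded from the Azure AD enterprise app.
        string metadataXml = await File.ReadAllTextAsync(args[0]);
        using var iam = new AmazonIdentityManagementServiceClient(); // honours AWS_PROFILE
        string providerArn = await EnsureSamlProviderAsync(iam, "AzureAD", metadataXml);
        string roleArn = await EnsureFederatedRoleAsync(
            iam, "AzureAD-ReadOnly", providerArn, "arn:aws:iam::aws:policy/ReadOnlyAccess");
        Console.WriteLine($"Provider: {providerArn}\nRole: {roleArn}");
    }
}
```

Two design points worth checking against any implementation of this flow: the provider ARN returned by `CreateSAMLProvider` already carries the account id, which is what the Version 1 roadmap item (dropping `AWS_ACCOUNT_ID` from the environment) needs; and after the Azure AD signing certificate is rotated, the provider's metadata must be updated or assertions will fail signature validation, which is why the "get" path above calls `UpdateSAMLProvider` instead of returning early.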