
AWS Identity Center (IDC) - System Data Connector

Gathid can be configured to download identity data from your AWS Identity Center instance through the AWS API. The following guide will assist you in configuring your AWS account so that Gathid can automatically extract the data.

This guide outlines the standard process for a Gathid Data connector configuration.

The AWS Identity Center Data Connector is not enabled by default on your Gathid instance.

Contact your Gathid representative to enable the AWS Identity Center Data Connector on your instance.

Summary

  1. Validate that the new AWS Identity Center API connector is available on your Gathid instance

  2. Create an IAM user and assign permissions
  3. Obtain an Access Key and Secret Key for the Gathid connector
  4. Obtain region and Identity Center Store ID
  5. Configure the Prep Script tab in the AWS Identity Center Loader
  6. Connect external relationships for AWS Identity Center to your other source systems

Steps to configure the AWS Identity Center data connector in Gathid

1. Validate that the new AWS Identity Center API connector is available on your Gathid instance

  1. As an Administrator, log into Gathid and navigate to Administration, then Loaders.

  2. You should see a new AWS Identity Center loader in the list, in a Disabled state.

REMINDER: To see the Administration menu option, your user must have the ADMINISTRATOR role.

2. Create an IAM user and assign permissions

If you already have a User available for Gathid access, ensure that you have the correct Access Policy (see step 2.7 below) assigned to this User and then continue on to Obtain an Access Key and Secret Key for the Gathid connector.

  1. Log in to your AWS Management Console with a user that has administrative privileges.
  2. Navigate to the IAM (Identity and Access Management) service by searching for IAM in the search bar.
  3. From the left side bar, under Dashboard, Access Management, select Users.
    Then select Create user.

  4. For Step 1: Specify user details, provide a User name (e.g. "gathid-idc-access") and click on Next.
  5. For Step 2: Set permissions, select "Attach policies directly" and then click on "Create policy". This will open a new tab in your browser allowing you to create a new Policy.
  6. On the Specify permissions page, on the right-hand side of Policy editor, select the JSON tab. Delete the existing JSON and paste the following:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "sso:ListInstances",
                    "sso:ListPermissionSets",
                    "sso:ListManagedPoliciesInPermissionSet",
                    "sso:ListAccountAssignmentsForPrincipal",
                    "sso:DescribePermissionSet",
                    "organizations:ListAccounts",
                    "organizations:DescribeAccount",
                    "sso-directory:SearchUsers",
                    "identitystore:ListGroups",
                    "identitystore:ListGroupMemberships"
                ],
                "Resource": "*"
            }
        ]
    }
  7. Click Next.
  8. On the Review and create page, under Policy details, provide a Policy name (e.g., "GathidIDCAccessPolicy"). At the bottom of the page click Create policy.

  9. After the policy has been created, this tab can be closed.
  10. Back on the Create user page, refresh the policies so that the newly created one appears in the list. Find the new policy by using the search bar.
    Select the new policy and click Next.

    [Image: AWS_IDC_image1 - the new policy selected on the Create user page]

  11. For Step 3: Review and create, click on Create user. After the user is created, a confirmation message appears at the top of the screen.
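
Before attaching the policy, it is worth confirming that the document you pasted in step 6 grants exactly the ten actions listed there and nothing broader. The Python script below is an added example, not part of this guide or of Gathid's product: it parses a policy document, reports required actions that are missing, actions beyond the required list, wildcard grants such as `sso:*`, and any Deny statements (which it counts rather than evaluates). It does not examine the `Resource` element, which the guide's policy sets to `"*"`. `GUIDE_POLICY` is the policy from step 6 verbatim; `OVERBROAD_POLICY` is a constructed input for comparison.

```python
import json
from fnmatch import fnmatchcase

# The actions the guide's policy grants. The connector only lists and describes
# Identity Center, Organizations and identity store objects, so anything beyond
# this set is excess privilege for the Gathid access key.
REQUIRED_ACTIONS = {
    "sso:ListInstances",
    "sso:ListPermissionSets",
    "sso:ListManagedPoliciesInPermissionSet",
    "sso:ListAccountAssignmentsForPrincipal",
    "sso:DescribePermissionSet",
    "organizations:ListAccounts",
    "organizations:DescribeAccount",
    "sso-directory:SearchUsers",
    "identitystore:ListGroups",
    "identitystore:ListGroupMemberships",
}
_REQUIRED_LOWER = {a.lower() for a in REQUIRED_ACTIONS}


def _as_list(value):
    """IAM accepts a single string or a list for Statement and Action; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants(granted: str, action: str) -> bool:
    """True if a granted action string covers the action (IAM matches case-insensitively; '*' is a wildcard)."""
    return fnmatchcase(action.lower(), granted.lower())


def check_policy(policy_json: str) -> dict:
    """Compare a policy document with the connector's required actions.

    "ok" is True only when every required action is granted, nothing else is
    granted, and no wildcard action is used. Deny statements are counted, not
    evaluated: one could still shadow an Allow above it.
    """
    policy = json.loads(policy_json)
    granted, deny_statements = [], 0
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            deny_statements += 1
            continue
        granted.extend(_as_list(stmt.get("Action")))
    missing = sorted(a for a in REQUIRED_ACTIONS
                     if not any(_grants(g, a) for g in granted))
    wildcards = sorted(g for g in granted if "*" in g)
    extra = sorted(g for g in granted
                   if "*" not in g and g.lower() not in _REQUIRED_LOWER)
    findings = {
        "version_ok": policy.get("Version") == "2012-10-17",
        "missing": missing,
        "extra": extra,
        "wildcards": wildcards,
        "deny_statements": deny_statements,
    }
    findings["ok"] = findings["version_ok"] and not (missing or extra or wildcards)
    return findings


def make_policy(actions) -> str:
    """Build a single-statement Allow policy; used here only to construct sample inputs."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": list(actions), "Resource": "*"}],
    })


# The policy from step 2.6 of the guide, verbatim.
GUIDE_POLICY = """{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sso:ListInstances",
                "sso:ListPermissionSets",
                "sso:ListManagedPoliciesInPermissionSet",
                "sso:ListAccountAssignmentsForPrincipal",
                "sso:DescribePermissionSet",
                "organizations:ListAccounts",
                "organizations:DescribeAccount",
                "sso-directory:SearchUsers",
                "identitystore:ListGroups",
                "identitystore:ListGroupMemberships"
            ],
            "Resource": "*"
        }
    ]
}"""

# Constructed example of what an over-broad substitute would look like.
OVERBROAD_POLICY = make_policy([
    "sso:*", "organizations:*", "sso-directory:SearchUsers",
    "identitystore:ListGroups", "identitystore:ListGroupMemberships",
])

if __name__ == "__main__":
    for name, doc in (("guide policy", GUIDE_POLICY), ("over-broad policy", OVERBROAD_POLICY)):
        print(name, check_policy(doc))
```

Run it against the JSON you are about to save: an empty `missing` list with `ok` true means the policy matches the guide; anything in `wildcards` or `extra` is a sign the document was edited beyond what the connector needs.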

3. Obtain an Access Key and Secret Key for the Gathid connector

  1. After a User has been created and the Access Policy has been assigned to it, return to the IAM Dashboard and, under Access Management, select Users from the side bar.
  2. Use the search box to find the User that you have set up for Gathid access (e.g. "gathid-idc-access") and click on that User name.

  3. On the User details page, in the Summary section on the right-hand-side, click Create access key.

  4. For Step 1: Access key best practices & alternatives, select Other and click Next.

  5. For Step 2: Set description tag - optional, click Create access key.
    A confirmation message appears at the top of the screen. Do not leave this screen without downloading the credentials as they cannot be recovered.
  6. Either copy the Access key and the Secret Access key, or click Download .csv file.
    Keep these credentials as they will be required in the step to configure the Gathid loader.
  7. Click Done.

4. Obtain region and Identity Center Store ID

  1. While still logged in to the AWS Management console, navigate to the IAM Identity Center service by searching for IAM Identity Center in the search bar.
  2. Click on Settings from the left-hand-side menu.
  3. On the Settings page, in the Details section, locate the Region (e.g., ‘us-east-1’).
    Save this information as it will be required in the step to configure the Gathid loader.
  4. Below, in the Identity Source section, locate the Identity Store ID.
    Save this information as it will be required in the step to configure the Gathid loader.

    [Image: AWS_IDC_image2 - the Identity Center Settings page showing Region and Identity Store ID]
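
The four values gathered in steps 3 and 4 are typed into the loader in the next step, and a truncated or mis-pasted value usually only surfaces when the first extraction fails. The Python script below is an added example, not part of this guide or of Gathid's product: it reads the credentials CSV downloaded in step 3.6 (assuming the header `Access key ID,Secret access key`), then checks each of the four values against the expected AWS format, flagging temporary `ASIA` keys that would expire and stray whitespace from copy and paste. The format patterns are this example's assumptions; the sample credentials are the placeholder values from the AWS documentation, and the Identity Store ID and region are constructed.

```python
import csv
import io
import re

# Expected shape of each value the loader asks for. These are this example's
# assumptions about AWS identifier formats, not checks Gathid performs:
#   - long-term IAM user access key IDs are 20 characters starting with AKIA
#   - secret access keys are 40 characters
#   - an Identity Store ID looks like d- followed by 10 hex characters
#   - a region looks like us-east-1 (a zone such as us-east-1a is not a region)
PATTERNS = {
    "Access Key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "Secret Key": re.compile(r"[A-Za-z0-9/+]{40}"),
    "Identity Store Id": re.compile(r"d-[0-9a-f]{10}"),
    "Region": re.compile(r"[a-z]{2}(-gov)?-[a-z]+-[0-9]"),
}


def validate_connector_config(cfg: dict) -> dict:
    """Return {field: problem} for every value that looks wrong; {} means all four look sane."""
    problems = {}
    for field, pattern in PATTERNS.items():
        raw = cfg.get(field)
        if raw is None or raw.strip() == "":
            problems[field] = "missing"
        elif raw != raw.strip():
            # The most common paste error: a trailing newline or space from the CSV or console.
            problems[field] = "has leading or trailing whitespace"
        elif field == "Access Key" and raw.startswith("ASIA"):
            problems[field] = "looks like a temporary (STS) key; the loader needs an IAM user access key"
        elif not pattern.fullmatch(raw):
            problems[field] = f"unexpected format: {raw!r}"
    return problems


def credentials_from_csv(csv_text: str) -> dict:
    """Pull the Access Key and Secret Key out of the CSV downloaded in step 3.6.

    Assumes the file has the header 'Access key ID,Secret access key' and exactly one row.
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if len(rows) != 1:
        raise ValueError(f"expected exactly one credential row, found {len(rows)}")
    return {"Access Key": rows[0]["Access key ID"],
            "Secret Key": rows[0]["Secret access key"]}


# Constructed sample CSV using the placeholder credentials from the AWS documentation.
SAMPLE_CSV = ("Access key ID,Secret access key\n"
              "AKIAIOSFODNN7EXAMPLE,wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")

SAMPLE_CONFIG = {
    **credentials_from_csv(SAMPLE_CSV),
    "Identity Store Id": "d-1234567890",   # constructed placeholder, not a real store ID
    "Region": "us-east-1",
}

if __name__ == "__main__":
    print("sample config:", validate_connector_config(SAMPLE_CONFIG) or "ok")
    print("region pasted with newline:",
          validate_connector_config({**SAMPLE_CONFIG, "Region": "us-east-1\n"}))
```

Feed it the values you intend to enter; an empty result means the four fields at least have the right shape, which rules out the usual paste mistakes before you save the loader.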

5. Configure the Prep Script tab in the AWS Identity Center Loader

  1. As an Administrator, log into Gathid and navigate to Administration, then Systems.
  2. Click Add System.
  3. Select the AWS Identity Center loader.
  4. Enter the following configuration details retrieved in the previous steps.
    Access Key
    Secret Key
    Identity Store Id
    Region
  5. Click Add System.
  6. Scroll through the auto-configuration.
  7. Click on Save in the bottom right-hand side of page.

Next Steps: 

Add External Relationships