On Demand SCIM provisioning of Azure AD to AWS IAM Identity Center with PowerShell
- This repo is based on the steps outlined in this article (updated June 2023).
- Minor updates were made to the Configure section for the Microsoft Graph API permissions.
- An updated version of this solution, which uses Azure Functions and Azure Key Vault to store the secrets, is described in this article; its repo is here.
Configure AWS IAM Identity Center with the steps outlined in this article
Create the app registration and its client secret:
- Navigate to Azure Active Directory
- Open the App Registrations blade
- Choose New Registration
- Name: [Example: AWS]
- Leave all other options at their defaults
- Choose Register
- Open the Certificates & secrets blade
- Choose New client secret
- Choose Add
- Copy the Value shown under Client secrets. It is displayed only once; treat it as a credential and keep it out of the repo and out of the script file.
Grant the app registration the Microsoft Graph application permissions the script needs:
- Navigate to Azure Active Directory
- Open the App Registrations blade
- Choose the app created in the previous task
- Open the API Permissions blade
- Choose Add a permission
- Choose Microsoft Graph
- Choose Application permissions
- Expand Application and choose Application.ReadWrite.OwnedBy
- Expand Synchronization and choose Synchronization.ReadWrite.All
- Choose Add permissions
- Choose Grant admin consent for [Tenant Name]. Application permissions are not effective until an administrator has consented; a token requested before that step will not carry them.
Assign the service account to the enterprise application:
- Navigate to Azure Active Directory
- Open the Enterprise applications blade
- Choose the app created in the previous task
- Open the Users and groups blade
- Choose Add user
- Choose Users
- Choose the service account created in the previous task
- Choose Assign
Gather the following properties for input into the PowerShell script:
- Navigate to Azure Active Directory
- Open the App Registrations blade
- Choose the app created in the previous task
- Copy the following values from the app's Overview blade:
  - Tenant Id (shown as Directory (tenant) ID)
  - Application Name
  - Application Id (shown as Application (client) ID)
  - Client Secret (the value copied when the secret was created; it cannot be retrieved again, so create a new secret if it was lost)
Note: When copying and pasting in Windows, choose the PowerShell icon, then Edit > Paste.
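The following PowerShell is an added example of how the four properties above are used end to end; it is not the repository's own script. It requests an app-only Microsoft Graph token with the client credentials, checks that the admin-consented permissions actually appear in the token, then locates the enterprise application's provisioning job and triggers on-demand provisioning for one user. Assumptions, all placeholders to replace: the tenant and application ids; an enterprise application display name of `AWS` for the app that has SCIM provisioning to IAM Identity Center configured; a user principal name of `jane.doe@example.com`; the client secret supplied through an `AWS_SCIM_CLIENT_SECRET` environment variable rather than pasted into the script; and the Graph synchronization endpoints called on `v1.0`.

```powershell
# Added example, not the repository's script. Placeholders (assumed values) are
# marked; replace them with the properties gathered in the steps above.
$TenantId        = '00000000-0000-0000-0000-000000000000'   # Directory (tenant) ID, placeholder
$ApplicationId   = '11111111-1111-1111-1111-111111111111'   # Application (client) ID, placeholder
$ApplicationName = 'AWS'                                     # enterprise app display name, assumed
$ClientSecret    = $env:AWS_SCIM_CLIENT_SECRET               # assumed env var; never hardcode the secret
if ([string]::IsNullOrEmpty($ClientSecret)) {
    throw 'Set AWS_SCIM_CLIENT_SECRET before running; do not paste the secret into the script.'
}

# 1. Client-credentials token for Microsoft Graph.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $ApplicationId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# 2. Diagnostic check that admin consent took effect: an app-only token lists the
#    granted application permissions in its 'roles' claim. Decoding a token issued
#    for Graph is acceptable for troubleshooting only; do not build logic on it.
$payload = $token.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
$payload += '=' * ((4 - $payload.Length % 4) % 4)            # restore base64 padding
$claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
foreach ($required in 'Application.ReadWrite.OwnedBy', 'Synchronization.ReadWrite.All') {
    if (@($claims.roles) -notcontains $required) {
        throw "Token lacks '$required': re-check API permissions and Grant admin consent."
    }
}

# 3. Resolve the enterprise application (service principal), its provisioning
#    job, and the synchronization rule id that provisionOnDemand requires.
$graph  = 'https://graph.microsoft.com/v1.0'
$filter = [uri]::EscapeDataString("displayName eq '$ApplicationName'")
$sps = @((Invoke-RestMethod -Headers $headers -Uri "$graph/servicePrincipals?`$filter=$filter").value)
if ($sps.Count -ne 1) {
    throw "Expected one service principal named '$ApplicationName', found $($sps.Count)."
}
$spId = $sps[0].id
$jobs = @((Invoke-RestMethod -Headers $headers -Uri "$graph/servicePrincipals/$spId/synchronization/jobs").value)
if ($jobs.Count -eq 0) {
    throw "No provisioning job on '$ApplicationName': configure SCIM provisioning first."
}
$jobId  = $jobs[0].id
$schema = Invoke-RestMethod -Headers $headers `
    -Uri "$graph/servicePrincipals/$spId/synchronization/jobs/$jobId/schema"
$ruleId = $schema.synchronizationRules[0].id

# 4. Provision one user on demand instead of waiting for the scheduled cycle.
$userPrincipalName = 'jane.doe@example.com'                  # placeholder
$user = Invoke-RestMethod -Headers $headers -Uri "$graph/users/$userPrincipalName"
$body = @{
    parameters = @(
        @{
            ruleId   = $ruleId
            subjects = @(@{ objectId = $user.id; objectTypeName = 'User' })
        }
    )
} | ConvertTo-Json -Depth 6
$result = Invoke-RestMethod -Method Post -Headers $headers -ContentType 'application/json' `
    -Uri "$graph/servicePrincipals/$spId/synchronization/jobs/$jobId/provisionOnDemand" -Body $body
$result | ConvertTo-Json -Depth 6                            # provisioning summary for the user
```

Run it only after completing the steps above; the permission check in step 2 is the quickest way to tell a missing Grant admin consent apart from a wrong id or secret, since the token request succeeds in both cases but the `roles` claim is empty in the former. If the filter in step 3 matches both the app registration's own service principal and the SCIM-enabled enterprise application because they share a display name, rename one or filter on `appId` instead.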
This library is licensed under the MIT-0 License. See the LICENSE file.