AWS IAM Identity Center
- Updated on 18 Oct 2023
This guide will teach you how to set up the connector between AWS Identity Center and Clarity Security.
Estimated time to complete: 15 minutes
If you run into any problems, please contact your support team or support@claritysecurity.io.
How to Set Up the Connector
Step 1: Log in to AWS
Make sure your AWS region is correct once you have logged in.
Step 2: Use the search function to navigate to IAM
Navigate to the IAM (Identity and Access Management) Service within AWS.
Step 3: Navigate to the Users section
On the IAM service screen, navigate to the Users area on the navigation pane on the left side.
Step 4: Create user
Click the Create user button. All of your current IAM users should be listed on this screen.
Step 5: Specify user details
Create a user name for your new user. Be as descriptive as possible so it's easy to understand the purpose of this new service account. (Ex: clarity-aws-iam-ic)
Step 6: Set permissions
Choose Attach policies directly, then type "AWSSSO" in the search box. Select the AWSSSODirectoryAdministrator policy and click Next (bottom right).
Step 7: Review and create
Confirm your user name and the attached policy. If everything matches what you expect, click Create user (bottom right).
Step 8: Select your new IAM user
On the IAM Users page (you should be brought here automatically), click on the blue name (clarity-aws-iam-ic in our example) for the user you just created.
Step 9: Click Create access key
On the details screen for your new user, click the Create access key button in the upper right.
Step 10: Select the "Other" use case
On the Access key best practices & alternatives screen, select the Other use case and then click Next (bottom right).
Step 11: Optionally create a tag for the access key
Provide an optional tag for the access key, then click Create access key.
Step 12: Retrieve access keys
Copy the Access key and Secret access key to a secure location; these will be used later. Click Done once you have recorded these details.
Step 13: Use the search function to navigate back to IAM Identity Center
Using the search function at the top of the AWS page, search for IAM, but this time select IAM Identity Center (successor to AWS Single Sign-On).
Step 14: Click on settings
Click on the Settings button in the upper left on the AWS IAM IC navigation pane.
Step 15: Collect the Region and Identity store ID
Collect the values for Region and Identity store ID from the settings page; these will be used in a later step.
Step 16: Log in to your Clarity tenant
Step 17: Click on the Applications page, then Marketplace
Step 18: Search for AWS Identity Center and click Connect
On the Marketplace screen, search (top right) for AWS Identity Center, then click Connect.
Step 19: Fill out the Connect App form
Details for fields common to all applications can be found in the following article: Common App Configuration Steps
access_key_id: This was collected in Step 12.
secret_access_key: This was collected in Step 12.
identity_store_id: This was collected in Step 15.
aws_region: This was collected in Step 15.
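A pre-flight check for the four values above, as an added example that is not part of the original guide or Clarity's tooling: `check_connector_values` catches swapped or mistyped fields offline, and `verify_live` uses the AWS CLI to confirm the key resolves to the new service account and can read the identity store. The variable name IDENTITY_STORE_ID, the file name preflight.sh and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example, not Clarity or AWS code. Reads the AWS CLI's standard variables
# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION, plus IDENTITY_STORE_ID
# (a variable name chosen for this example). Export them before verify_live.
# Usage: . ./preflight.sh && check_connector_values && verify_live

matches() { printf '%s' "$1" | grep -Eq "$2"; }

# Offline format check. Prints one line per problem; non-zero status if any.
check_connector_values() (
  rc=0
  case "${AWS_ACCESS_KEY_ID:-}" in
    AKIA*) ;;  # long-term IAM user key, the kind Step 12 produces
    ASIA*) echo "access_key_id: temporary STS key, not the key from Step 12"; rc=1 ;;
    *)     echo "access_key_id: not an IAM user key ID (swapped with the secret?)"; rc=1 ;;
  esac
  [ -n "${AWS_SECRET_ACCESS_KEY:-}" ] || { echo "secret_access_key: empty"; rc=1; }
  case "${AWS_SECRET_ACCESS_KEY:-}" in
    AKIA*|ASIA*) echo "secret_access_key: holds a key ID, not the secret"; rc=1 ;;
  esac
  # Identity store IDs are "d-" plus 10 hex characters, or a UUID.
  matches "${IDENTITY_STORE_ID:-}" \
    '^(d-[0-9a-f]{10}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$' ||
    { echo "identity_store_id: expected d-xxxxxxxxxx, not an ARN or portal URL"; rc=1; }
  # Region code such as us-east-1, not the console's display name.
  matches "${AWS_REGION:-}" '^[a-z]{2}(-[a-z]+)+-[0-9]+$' ||
    { echo "aws_region: expected a region code such as us-east-1"; rc=1; }
  exit "$rc"
)

# Live check (needs the AWS CLI and network access): shows which principal the key
# belongs to, then reads one page of users to prove directory access works.
verify_live() {
  aws sts get-caller-identity --query Arn --output text &&
  aws identitystore list-users --identity-store-id "$IDENTITY_STORE_ID" \
    --region "$AWS_REGION" --no-paginate --query 'length(Users)' --output text
}
```

The ARN printed by `verify_live` should end in the user name created in Step 5; any other principal means the wrong credentials are loaded in the shell.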
Step 20: Fill out the App Settings form
Details for fields common to all applications can be found in the following article: Common App Configuration Steps
Step 21: Fill out the User Settings form
Details for fields common to all applications can be found in the following article: Common App Configuration Steps
Step 22: Validate Your Selections and Save
Clicking the Save button will trigger the first full sync for your application (even if you selected Manual syncing). This includes Service Users, Entitlements, Service User Entitlements, and Service User Attributes.
Need help?
If you have any problems, contact your customer success team. You can also get in touch with our general support via email or by opening a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.