- Overview
- Configuration
AWS
Streamline hiring and onboarding with Workable-AD integration
AWS is a cloud computing platform that provides a wide range of services, including storage, computing power, and databases, helping organizations scale, innovate, and reduce IT infrastructure costs by running applications and storing data securely in the cloud. Integrating AWS with ADManager Plus enables IT administrators to synchronize and manage user accounts across AWS and Active Directory (AD), ensuring user information is consistent across both platforms. This integration streamlines user life cycle management by automating the process of reflecting changes made in one system to the other, minimizing manual effort and reducing the risk of data inconsistencies. It allows IT teams to manage users in AWS environments while maintaining central control over identity management in AD.
List users
This integration allows IT administrators to retrieve and mirror user records from AWS into AD, ensuring that user information is consistent across both platforms. By automatically listing users from AWS, IT teams can maintain an up-to-date view of user accounts within their AD environment, improving identity management and streamlining audit processes.
Update users
When user information is updated in AD, the changes are automatically mirrored in AWS. This ensures that any modifications, such as changes in user roles, permissions, or personal details, are consistently reflected in both AWS and AD environments, reducing the risk of discrepancies and improving overall system efficiency.
Need assistance to integrate Workable with ADManager Plus?
Marketplace document: ADManager Plus - AWS Service Desk integration
Prerequisites
AWS uses AWS Signature as the authorization workflow.
Please provide the Access Key, SecretKey, AWS Region, and Service Name to retrieve the desired information and perform tasks in AWS. Refer to AWS's API references for more details.
To generate an AccessKey and SecretKey:
- Log in to the AWS Console.
- Navigate to Services > All Services > IAM.
- Select Users and choose the user with permissions to fetch AWS users.
- Go to the Security credentials tab.
- Under Access keys, select Create access key.
- Choose Third-party service.
- Enable confirmation, then select Next.
- Click Create access key.
- Choose Done to complete the process.
- Enter the region code for your AWS resources.
- Under Service Name enter IAM as the default service name.
Privileges
To import users (inbound action): Ensure the account used for authorization has permission to read all user accounts.
To perform any action or query in AWS (outbound action): Ensure the account used for authorization has permission to perform the desired action.
Note: ADManager Plus comes with a preconfigured set of APIs that helps perform basic actions with the integration. If the action you require is not available, please gather the necessary API details from the AWS API documentation to configure under inbound/outbound webhooks to perform the required actions.Authorization configuration
- Log in to ADManager Plus and navigate to Directory/Application Settings.
- Go to Application Integrations, then search for and select AWS.
- Toggle on the Enable AWS Integration button.
- On the AWS Configuration page, click Authorization.
- Perform the steps to generate an Access Key, SecretKey, AWS Region, and Service Name and paste the tokens in the respective fields.
- Click Configure.
Inbound webhook configuration
Inbound webhook enables you to fetch user data from AWS to ADManager Plus. The attribute mapping configured in this section can be selected as the data source during automation configuration. To configure an inbound webhook for AWS:
- Under Inbound Webhook, click AWS Endpoint Configuration.
- In the Endpoint Configuration tab, the AWS USERS ENDPOINT comes preconfigured with the Endpoint URL, API Method, Headers, and Parameters fields to fetch user accounts from AWS. Replace {AccessKey} and {SecretKey} with the values of your instance, which can be obtained from your AWS console.
- In the Security & Credentials section, replace {Region} with your region value (default value: us-east-1) and replace {Service Name} with the type of service used; here it is IAM.
- The API key value pair is preconfigured as a header for authenticating API requests as configured during Authorization Configuration.
- Macros: You can add macros to your endpoint configuration to dynamically change it as per your requirement using the macro chooser component.
- Refer to AWS's API references and configure additional headers and parameters, if required.
- Once done, click Test & Save. A response window will display all the requested parameters that can be fetched using the API call. After verifying if the requested parameters have been called to action, click Proceed.
- Refer to AWS's API references to know the Parameters that must be configured to fetch only specific parameters.
- You can configure multiple endpoints for AWS using the + Add API endpoint button. Click here to learn how.
- Click Data Source - LDAP Attribute Mapping to match endpoints and to map the AD LDAP attributes with the respective attributes in AWS.
-
Click + Add New Configuration and perform the following:
- Enter the Configuration Name and Description and select the Automation Category from the drop-down menu.
- In the Select Endpoint field, select the desired endpoint and a Primary Key that is unique to a user (e.g. employeeIdentifier). Note: When multiple endpoints are configured, this attribute must hold the same value in all the endpoints.
- In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it with the respective attribute in AWS.
- If you would like to create a new custom format for this, click Add New Format.
- Click Save.
Note:
Note:
Outbound webhook configuration
Outbound webhook enables you to send changes made in AD to AWS, and carry out tasks in AWS—all from ADManager Plus. The webhooks configured in this section can be included in Orchestration Templates, which can be used during event-driven and scheduled automations. They can also be applied directly to desired users to perform a sequence of actions on them ( Management > Advanced Management > Orchestration) . To configure outbound webhooks for AWS:
- Under Outbound Webhook, click AWS Webhook Configuration.
- Click + Add Webhook.
- Enter a name and description for this webhook.
- Decide on the action that has to be performed and refer to AWS's API references for the API details, such as the URL, headers, parameters, and other requirements that will be needed.
- Select the HTTP method that will enable you to perform the desired action on the endpoint from the drop-down menu.
- Enter the endpoint URL.
- Configure the Headers, Parameters, and Message Type in the appropriate format based on the API call that you would like to perform.
- Click Test and Save.
- A pop-up window will then display a list of AD users and groups to test the configured API call. Select the desired user or group for which this API request has to be tested and click OK. This will make a real time call to the endpoint URL, and the selected objects' will be modified as per the configuration.
- The webhook response and request details will then be displayed. Verify them for the expected API behavior and click Save.
