{"id":550,"date":"2017-05-04T17:52:44","date_gmt":"2017-05-04T15:52:44","guid":{"rendered":"https:\/\/blog.besharp.it\/creative-idea-single-sign-on-with-g-suite-for-development-clients\/"},"modified":"2021-03-29T16:26:42","modified_gmt":"2021-03-29T14:26:42","slug":"creative-idea-single-sign-on-with-g-suite-for-development-clients","status":"publish","type":"post","link":"https:\/\/blog.besharp.it\/creative-idea-single-sign-on-with-g-suite-for-development-clients\/","title":{"rendered":"Creative idea: Single-sign-on with G Suite for development clients!"},"content":{"rendered":"
In the\u00a0last article, we discussed how to use corporate G Suite accounts to log in via\u00a0Single-Sign-On\u00a0on the\u00a0Amazon Web Services\u00a0web console.<\/p>\n Access to the web console only covers some of the needs of people who work with AWS every day. In particular, developers and DevOps engineers almost always require an\u00a0access key\/secret key pair\u00a0on their PCs to use the\u00a0AWS CLI, to call individual AWS APIs (for example, those of new AI services such as\u00a0Rekognition\u00a0and\u00a0Lex), and to be able to use all the desktop applications (for example, the various file managers based on S3\u200a\u2014\u200asuch as the excellent\u00a0CloudBerry File Explorer, or Git clients for using\u00a0CodeCommit) which in turn use the AWS APIs.<\/p>\n Access keys and secret keys are\u00a0not directly bound to one IAM role (whose use through the AssumeRole API we have already seen to be a security best practice) but\u00a0require a dedicated IAM user, which would make it pointless to assume an AWS role with centralised credentials.<\/p>\n With no way around it, this limitation required a somewhat creative solution, and so we at\u00a0beSharp came up with beAuth.<\/p>\n