Google Workspace: as IdP for AWS login.


Apr 14, 2025 - 11:35

With Google Workspace, we can set up SSO for AWS in 2 ways:

  • Pre-integrated SAML: apps that Google has predefined.
    • Advantage: supports Automatic Provisioning
    • Disadvantage: only 1 Application can be created

  • Custom SAML application: for applications that Google has not predefined above.
    • Advantage: many Custom Applications can be created, suitable for large enterprises with many departments that use many AWS accounts, AWS Organizations...
    • Disadvantage: does not support Automatic Provisioning

A more detailed comparison:

| Feature | Pre-integrated SAML Apps | Custom SAML Apps |
|---|---|---|
| Definition | Pre-configured apps available in Google Workspace's catalog for easy integration. | Manually configured apps for services not listed in the catalog. |
| Setup Complexity | Simplified setup with pre-defined parameters (e.g., ACS URL, Entity ID). | Requires manual entry of service provider details (e.g., ACS URL, Entity ID, certificate). |
| Supported Applications | Over 200 popular cloud apps (e.g., Salesforce, Slack, Dropbox). | Any app that supports SAML 2.0 but is not pre-listed. |
| User Provisioning | Supports automated user provisioning via SCIM for certain apps. | Requires manual user provisioning or separate SCIM configuration. |
| Attribute Mapping | Pre-defined attribute mappings for supported apps. | Customizable attribute mappings based on the app's requirements. |
| Use Case | Ideal for widely-used enterprise applications with standard configurations. | Suitable for custom-built or niche applications requiring tailored SSO settings. |
| Maintenance | Minimal; updates are managed by Google Workspace. | Requires ongoing maintenance to ensure compatibility with the app. |
| Number of App Instances Allowed | Only once per application: each app from the catalog can only be created once. | Unlimited: you can create multiple custom apps for different groups or use cases. |

On the AWS side, there are currently 2 ways to use SSO with Google Workspace as the IdP: IAM Identity Providers and IAM Identity Center.

Let's compare:

Comparison: IAM Identity Providers vs IAM Identity Center + External IdP (SSO)

| Criteria | IAM Identity Providers (SAML in IAM) | IAM Identity Center + External IdP (SSO) |
|---|---|---|
| Configured in | IAM > Identity Providers + Roles | IAM Identity Center > Settings > External Identity Provider |
| SSO Protocol | SAML 2.0 | SAML 2.0 (OIDC support is coming) |
| User Experience | ❌ Manual login via /saml URL, no user portal | ✅ Has AWS SSO Portal (e.g., https://d-xxxx.awsapps.com/start) |
| User Provisioning | ❌ Not supported | ✅ Supports SCIM or Just-in-time (JIT) provisioning |
| Access Control (Roles) | Roles manually mapped via SAML attributes | ✅ Assign permission sets based on users/groups from IdP |
| Admin UX / UI | Basic and limited | ✅ Intuitive, full-featured management interface |
| Multi-account Support (Organizations) | ❌ No built-in support | ✅ Native support for multi-account via AWS Organizations |
| Third-party IdP Integration | Supported but manual | ✅ Simple metadata-based setup |
| CLI / SDK / AWS Console Access | ✅ Supported but requires scripts | ✅ Seamless via aws configure sso |
| Scalability | Limited for large orgs | ✅ Highly scalable, enterprise-ready |
| Cost | Free | Free |
| AWS Recommendation | ❌ Legacy, no new feature development | ✅ Officially recommended by AWS |
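The two rows "Roles manually mapped via SAML attributes" and "CLI / SDK access supported but requires scripts" are what the IAM Identity Providers path actually costs you in practice: the script that wants CLI credentials has to read the SAMLResponse that Google posts, check that it is addressed to AWS, pull the role/provider ARN pairs out of the `https://aws.amazon.com/SAML/Attributes/Role` attribute, and hand one pair to `sts:AssumeRoleWithSAML`. The example below is added here to show that step; it is not code from the original post or from Google/AWS. The account ID `123456789012`, the role name `GoogleAdmin` and the provider name `GoogleWorkspace` are constructed placeholders, the helper `build_sample_response` fabricates a minimal unsigned assertion so the parser can run offline, and `assume_role_params` only builds the argument dict for boto3's `assume_role_with_saml` without calling AWS.

```python
"""Parse the SAMLResponse Google Workspace posts to https://signin.aws.amazon.com/saml
and turn it into the arguments for sts.assume_role_with_saml (IAM Identity Providers path).

Added example, not the original post's code. All ARNs below are constructed placeholders.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
AWS_AUDIENCE = "urn:amazon:webservices"                       # audience AWS STS expects
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"     # "role_arn,provider_arn" values
DURATION_ATTR = "https://aws.amazon.com/SAML/Attributes/SessionDuration"
DEFAULT_DURATION = 3600


def account_of(arn):
    """Account ID field of an IAM ARN: arn:aws:iam::<account>:..."""
    return arn.split(":")[4]


def parse_aws_roles(saml_response_b64):
    """Decode a base64 SAMLResponse and return {"roles": [(role_arn, provider_arn)], "duration": int}.

    Raises ValueError when the assertion is not addressed to AWS, a Role value is
    malformed, or a role and its provider are not in the same account. Signature
    verification is AWS STS's job (it checks against the IAM SAML provider's
    metadata); this parser only extracts and sanity-checks the attributes.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion in response")

    audiences = {a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text}
    if AWS_AUDIENCE not in audiences:
        raise ValueError(f"assertion audience {sorted(audiences)} is not {AWS_AUDIENCE}")

    roles, duration = [], DEFAULT_DURATION
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        name = attr.get("Name")
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        if name == ROLE_ATTR:
            for value in values:
                parts = [p.strip() for p in value.split(",")]
                if len(parts) != 2 or not all(p.startswith("arn:aws:iam::") for p in parts):
                    raise ValueError(f"malformed Role value: {value!r}")
                # Either order is accepted by AWS; normalise to (role, provider).
                role_arn, provider_arn = sorted(parts, key=lambda p: ":saml-provider/" in p)
                if account_of(role_arn) != account_of(provider_arn):
                    raise ValueError(f"role and provider in different accounts: {value!r}")
                roles.append((role_arn, provider_arn))
        elif name == DURATION_ATTR and values:
            duration = int(values[0])
    return {"roles": roles, "duration": duration}


def assume_role_params(saml_response_b64, role_arn, provider_arn, duration=DEFAULT_DURATION):
    """Keyword arguments for boto3 sts.assume_role_with_saml(**params). No AWS call is made here."""
    return {
        "RoleArn": role_arn,
        "PrincipalArn": provider_arn,
        "SAMLAssertion": saml_response_b64,
        "DurationSeconds": duration,
    }


def build_sample_response(roles, duration=None, audience=AWS_AUDIENCE):
    """Construct a minimal, unsigned SAMLResponse (base64) for offline testing only."""
    role_values = "".join(f"<saml:AttributeValue>{r},{p}</saml:AttributeValue>" for r, p in roles)
    duration_attr = (
        f'<saml:Attribute Name="{DURATION_ATTR}"><saml:AttributeValue>{duration}'
        "</saml:AttributeValue></saml:Attribute>" if duration else ""
    )
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
        "<saml:Assertion><saml:Conditions><saml:AudienceRestriction>"
        f"<saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
        f'<saml:Attribute Name="{ROLE_ATTR}">{role_values}</saml:Attribute>{duration_attr}'
        "</saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Constructed placeholder ARNs (account 123456789012 is not a real account).
    sample = build_sample_response(
        [("arn:aws:iam::123456789012:role/GoogleAdmin",
          "arn:aws:iam::123456789012:saml-provider/GoogleWorkspace")],
        duration=7200,
    )
    parsed = parse_aws_roles(sample)
    role, provider = parsed["roles"][0]
    print(assume_role_params(sample, role, provider, parsed["duration"]))
```

With a real response you would pass the result of `assume_role_params` to `boto3.client("sts").assume_role_with_saml(**params)` and write the returned credentials to the CLI profile; that glue, plus the browser round-trip to obtain the SAMLResponse, is the "requires scripts" the table refers to, and it is exactly the part `aws configure sso` replaces on the IAM Identity Center path.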