Amazon AppStream 2.0 now supports certificate-based authentication (CBA). CBA enables you to authenticate users with user certificates when they launch their Active Directory domain joined AppStream sessions. In this blog, I outline the benefits of CBA. The blog also provides a high-level view of the architecture of CBA with AppStream 2.0. It also shows the authentication workflow.

You can use Active Directory with AppStream 2.0 to centralize user and computer object management. With Active Directory, you can deploy consistent enterprise compliance and security policies. With Active Directory domain joined instances, you can enable file and share access, and other domain-joined resources. To access domain joined instances, there is a requirement of SAML 2.0-based user federation. When using SAML authentication without CBA, there is a second domain password prompt during user authentication. This can disrupt the user authentication flow.

Benefits of Certificate-Based Authentication with AppStream 2.0

By using CBA, you can achieve single sign-on in conjunction with the security and logon experience features of your SAML 2.0 identity provider, such as passwordless authentication, to access AppStream 2.0 resources. Certificate-based authentication enables a single sign-on logon experience to access domain-joined desktop and application streaming sessions. Accessing resources without a second password prompt can enhance security and improve ease of use for end users.

AppStream 2.0 CBA with AWS Private Certificate Authority (Private CA)

AWS Private Certificate Authority (AWS Private CA) is a highly available, fully managed Public Key Infrastructure (PKI) service. Configuring AWS Private CA is a prerequisite to utilize AppStream 2.0 CBA. AppStream 2.0 CBA uses AWS Private CA’s recently launched short-lived certificate mode to rotate user certificates for every AppStream 2.0 session. By doing this, the AWS Private CA short-lived certificate mode allows you to align the lifetime of a user’s session credentials with a unique AppStream session and fleet instance. This can additionally improve security since certificates have a short validity period. With AppStream 2.0 CBA, no administration or user intervention is required to manage user certificates. To learn more about AWS Private CA short-lived certificate mode, please visit the AWS Private Certificate Authority User Guide.

Figure: AppStream 2.0 CBA authentication workflow