Shibboleth at NC State » Technical Documentation » AWS Single-Sign-On

NC State Shibboleth - AWS Single-Sign-On

Control Tower Managed Accounts

OIT-IWS manages a number of AWS accounts for various departments using the Control Tower application suite. Every account that has been added to Control Tower is automatically enrolled to use Single-Sign-On (SSO) with Shibboleth.

To login to the SSO portal, use this link:

Once there, you can expand the AWS Account list to see the accounts where your userid has permissions. Click one of those links to open the console for your account.

Access control is set up at the time of Control Tower enrollment. Users are assigned to groups using Persona which are then synchronized 3x/day to the corresponding groups in AWS SSO.

Legacy Accounts

We also have a couple SP entries set up for AWS logins from before Control Tower. These require custom AD groups to be set up. We will not be adding more accounts to this setup.

If you need to login to one of these accounts, use these links: