Managing AWS Users

Once you have connected EmpowerID to AWS, you can manage your AWS users in EmpowerID. This includes creating new AWS users, adding and removing AWS users to and from AWS groups, and deleting AWS users.

For information on adding and removing AWS users to and from AWS groups, see Managing AWS Groups.

This topic demonstrates managing AWS users in EmpowerID and is divided into the following activities:

As prerequisites to managing AWS users in EmpowerID, you must have an AWS account and have created an AWS account store for that account in EmpowerID.

To create an AWS user account in EmpowerID

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to AWS Manager by expanding Pages and clicking AWS Manager.
  2. In AWS Manager, click the User Accounts tab and then click Create User (Person Optional) to initiate the Create User workflow.
  3. When the Create User form for the workflow opens, select the General tab and do the following in the Name Information section:
    1. Select Personal Standard from the Account Type drop-down. This is the default selection.
    2. Type the first name, last name, display name and logon name for the user in the First Name, Last Name, Display Name and Logon Name fields, respectively.
    3. Leave Is Office 365 Account? deselected.
    4. Underneath Account Creation Location, click the Select a Location link, type the name of the AWS account store you created in EmpowerID, click the node for the location to select it and then click Save.
    5. Optionally, type a description and any comments in the Description and Comments or Justification fields, respectively.
    6. Select Join Account to an Existing Person if you want to link the account to a current person. Doing so opens the Account Owner search field. To select the person you want to join the account to, type the name of the person in the search field and then click for that person. This makes that person the owner of the account.
    7. Select Create a new EmpowerID Person object if you want to create a new person for the account. Doing so opens the following fields:
      • Person Business Role selector - This allows you to select the Business Role and Location for the new person (required). To select the Business Role and Location, do the following:
        1. Click the Select a Role and Location link.
        2. Type the name of the Business Role in the Business Role field and press ENTER to populate the Business Role tree with the role.
        3. Click the node for the Business Role to select it.
        4. Click the Location tab.
        5. Type the name of the Location in the Location field and press ENTER to populate the Location tree with the location.
        6. Click the node for the location to select it.
        7. Click Select to close the Business Role and Location selector.
      • User Personal Email to Notify - This sends an email to the user's personal email address, welcoming them to EmpowerID and notifying them of their username.
      • Management Role to Notify - This sends a notification about the new person to the selected Management Role. To select a Management Role, type the name of the role in the field and then click the tile for that role.
      • Allow me to enter a password - This allows you to set the initial password for the person account. Selecting this option displays the Password and Confirm Password fields, along with the password complexity rules.
  4. Scroll to the Security section and select the appropriate options.
  5. Click Save.

  6. After several moments, EmpowerID creates the user account and displays the View page for the account. You should see that the Distinguished Name field shows the AWS User ARN.

To verify the new user in AWS

  1. From your Web browser, log in to your AWS account as an administrator.
  2. From the AWS dashboard, click the Users navigational link. You should see the user you just created in EmpowerID.

To delete an AWS user in EmpowerID

  1. From the Navigation Sidebar of the EmpowerID Web interface, navigate to AWS Manager by expanding Pages and clicking AWS Manager.
  2. In AWS Manager, click the Users tab and search for the user account you want to delete.
  3. Click the record for that user account to select it and then click the Delete Account action link.
  4. Click Yes to confirm you want to delete the user.
  5. If you left Wait to see results selected, click OK to close the Operation Execution Summary.

To verify the user deletion in AWS

  1. From your Web browser, log in to your AWS console as an administrator.
  2. From the AWS console, select Identity & Access Management.
  3. Click the Users navigational link and search for the user you just deleted. You should see no results.

EmpowerID keeps a log of all AWS actions performed in EmpowerID, including what was done, when it was done and who did it. To view these logs, navigate to Change Manager by expanding System Logs in the Navigation Sidebar and clicking Audit Log. Once in Change Manager, search for AWS to filter the changes displayed.
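
The two verification procedures above can also be scripted against the IAM API. The following is an added example, not EmpowerID code: it takes the ARN shown in the Distinguished Name field and checks that IAM returns exactly that user after creation, or no user after deletion. The function names and the sample ARN are assumptions, and running it against AWS requires boto3 and credentials that allow iam:GetUser.

```python
import re

# IAM user ARN: arn:<partition>:iam::<12-digit account>:user/<optional path/><name>
_ARN_RE = re.compile(
    r"arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):user(/(?:[^/\s]+/)*)([\w+=,.@-]{1,64})",
    re.ASCII,
)


def parse_iam_user_arn(arn, expected_account=None):
    """Split the ARN copied from the Distinguished Name field into its parts."""
    m = _ARN_RE.fullmatch(arn.strip())
    if not m:
        raise ValueError(f"not an IAM user ARN: {arn!r}")
    _partition, account, path, name = m.groups()
    if expected_account and account != expected_account:
        raise ValueError(f"ARN is in account {account}, expected {expected_account}")
    return {"account": account, "path": path, "user_name": name}


def lookup_user_arn(iam, user_name):
    """Return the ARN IAM reports for user_name, or None if the user is gone."""
    try:
        return iam.get_user(UserName=user_name)["User"]["Arn"]
    except iam.exceptions.NoSuchEntityException:
        return None


def verify_in_aws(iam, empowerid_arn, expect_exists):
    """After a create, IAM must return the same ARN; after a delete, nothing."""
    name = parse_iam_user_arn(empowerid_arn)["user_name"]
    found = lookup_user_arn(iam, name)
    if expect_exists:
        # Comparing full ARNs catches a same-named user in another account or path.
        return found == empowerid_arn.strip()
    return found is None


if __name__ == "__main__":
    import boto3  # imported here so the helpers above work without it

    iam = boto3.client("iam")
    sample_arn = "arn:aws:iam::123456789012:user/jdoe"  # constructed sample value
    print("present in AWS:", verify_in_aws(iam, sample_arn, expect_exists=True))
```

Call `verify_in_aws` with `expect_exists=False` after the Delete Account action completes to confirm the deletion reached AWS.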