Earlier this week I came to learn about a really cool enhancement that was just added to our VMware Cloud Services Console called Connector-less Self-Service Enterprise Federation Setup, it's a bit of a mouth full, but it basically makes configuring identity federation between the VMware Cloud Services Console and other third party identity provider extremely easy.
Identity federation is not a new feature in VMware Cloud and it has been supported for some time now, but it required customers to deploy the Workspace ONE Access connector into their on-premises environment for federating with either their local or third party identity provider. The new method that was introduced is "connector-less" because it does not require any additional infrastructure to be deployed and it also leverages SAML JIT (Just-in-Time) dynamic provisioning.
While looking at the some the pre-defined identity providers, I noticed that AWS Single Sign-On (SSO) was not listed and since we have customers that use both VMware Cloud on AWS and native AWS services, this would certainly be a nice way to provide a common logon experience. Another benefit is also for customers using the new VMware Cloud with Tanzu services with Tanzu Mission Control (TMC), they can now easily manage secure access and provide their their end users the ability to provision and consume Tanzu Kubernetes Clusters (TKC) without the need of exposing them to the underlying infrastructure which is managed by the Cloud Administrators.
This was certainly a few good reasons to try out this new feature, especially as I have never worked with AWS SSO before.
Here is a quick video for those interested in the final logon experience when VMware Cloud is using AWS SSO as the identity provider: