For each deployment destination assigned to an organization, you can provide members of the organization with the ability to access the AWS Management Console and/or the Azure Portal directly through the Service Portal. To enable direct AWS and Azure management portal access, you must provide each member with a cloud role — either an Amazon Resource Name (ARN) or an Azure role definition. The credentials provided by cloud roles are unique for a destination and user within an organization and will allow them to view and/or manage the resources allocated to the destination.
If users are provided with the appropriate roles for the destinations, when they sign in to the Service Portal as members of the organization they'll be able to access native cloud management portals through the Service Portal without separately signing in to those management portals. For information, see Accessing Native Cloud Management Portals.
This topic assumes that you have already set up an organization with the appropriate members and you have set up one or more per-destination quotas for that organization.
Configuration > Identity and Access
Commander Role of Superuser and Enterprise Admin
To provide Service Portal users access to AWS and Azure management portals for a target destination:
- Click the Organizations tab.
- On the Organizations page, select an organization and click Edit.
- In the Configure Organization dialog, click Next until you get to the Member Quotas page for the target destination you want to provide access to.
- On the Member Quotas page, select an organization member to assign a cloud role to.
- Click Edit User.
- In the Edit Member Settings dialog, in the Cloud Console SSO section, enter one of the following in the Role field:
- To allow access to the AWS Management Console from the Service Portal, enter the ARN of the role to assume.
- To allow access to the Azure portal from the Service Portal, enter the Azure role definition ID.
- Click OK.
- Repeat steps 3 through 7 for each target destination that you want to provide access to.
- Click Finish.
Quota details are displayed when you select organizations on the Organizations page.