Authentication on Chris Rants at Clouds https://chris.funderburg.me/tags/authentication/ Recent content in Authentication on Chris Rants at Clouds Chris Rants at Clouds https://chris.funderburg.me/me.jpg https://chris.funderburg.me/me.jpg Hugo -- 0.157.0 en-gb Wed, 07 Aug 2024 19:14:02 +0100 07/Aug/2024 - TIL https://chris.funderburg.me/posts/2024/08/07/til/ Wed, 07 Aug 2024 19:14:02 +0100 https://chris.funderburg.me/posts/2024/08/07/til/ Today I learned: Google Workspace SAML certificates expire after 5 years. Today I Learned:

Google Workspace SAML certificates expire after 5 years.

And when it does, if you use that to log into AWS, you suddenly can’t. So, either keep a backup IAM account handy, or remember the details of your AWS root account. Any and all access methods should have 2FA enabled!

AWS and Google SAML

It’s an easy fix to just log back into Workspace Admin -> Apps -> Web and Mobile Apps, go into the particular application, click on Service Provider Details, Manage Certificates, Add Certificate, then finally Download Metadata.

You take that file, go back to AWS Console, then into IAM -> Identity Providers -> your-saml-provider -> Replace Metadata, then upload the file from the previous step.

Job done!

]]>