{"id":1095,"date":"2021-10-28T08:40:21","date_gmt":"2021-10-28T08:40:21","guid":{"rendered":"https:\/\/salarydistribution.com\/machine-learning\/2021\/10\/28\/onboard-onelogin-sso-users-to-amazon-sagemaker-studio\/"},"modified":"2021-10-28T08:40:21","modified_gmt":"2021-10-28T08:40:21","slug":"onboard-onelogin-sso-users-to-amazon-sagemaker-studio","status":"publish","type":"post","link":"https:\/\/salarydistribution.com\/machine-learning\/2021\/10\/28\/onboard-onelogin-sso-users-to-amazon-sagemaker-studio\/","title":{"rendered":"Onboard OneLogin SSO users to Amazon SageMaker Studio"},"content":{"rendered":"<div id=\"\">\n<p><a href=\"https:\/\/aws.amazon.com\/sagemaker\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon SageMaker<\/a> is a fully managed service that provides every machine learning (ML) developer and data scientist the ability to build, train, and deploy ML models at scale. <a href=\"https:\/\/aws.amazon.com\/sagemaker\/studio\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon SageMaker Studio<\/a> is a web-based, integrated development environment (IDE) for ML. Amazon SageMaker Studio provides all the tools you need to take your models from experimentation to production while boosting your productivity. You can write code, track experiments, visualize data, and perform debugging and monitoring within a single, integrated visual interface.<\/p>\n<p><a href=\"https:\/\/www.onelogin.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">OneLogin<\/a> is an identity platform for secure, scalable, and smart experiences that connects people to technology. OneLogin\u2019s authentication and role-based user provisioning engine enables organizations to implement least privilege access controls and eliminate manual user management workflows for all AWS users and accounts.<\/p>\n<p>In this post, we walk you through the steps to onboard existing users in OneLogin to Amazon SageMaker Studio. We also demonstrate the single sign-on (SSO) experience for system administrators and Amazon SageMaker Studio users.<\/p>\n<h2>Key Components<\/h2>\n<p>The solution contains the following key components:<\/p>\n<ul>\n<li><strong>AWS SSO<\/strong> \u2013 <a href=\"https:\/\/aws.amazon.com\/single-sign-on\/\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Single Sign-On<\/a> (AWS SSO) allows you to efficiently manage user identities at scale by establishing a single identity and access strategy across your own applications, third-party applications (SaaS), and AWS environments.<\/li>\n<li><strong>OneLogin\u2019s connector for AWS SSO<\/strong> \u2013 The connector configures SAML 2.0 and System for Cross-domain Integration Management (SCIM) integration between OneLogin and AWS SSO.<\/li>\n<li><strong>Users and groups<\/strong> \u2013 Individual users or users belonging to specific groups like administrators, developers, or finance in OneLogin are automatically synced with AWS SSO via SCIM.<\/li>\n<li><strong>Domain<\/strong> \u2013 A primary component of Amazon SageMaker Studio is a domain. The domain consists of a list of authorized users (called user profiles), and configurations such as <a href=\"http:\/\/aws.amazon.com\/vpc\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Virtual Private Cloud<\/a> (Amazon VPC) configurations and the default <a href=\"http:\/\/aws.amazon.com\/iam\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Identity and Access Management<\/a> (IAM) execution role.<\/li>\n<li><strong>User profile<\/strong> \u2013 The user profile (user) is a configuration for the user that exists in the SageMaker domain. The user profile defines various configuration settings for the user, including the execution role and the default app specifications.<\/li>\n<li><strong>Execution role<\/strong> \u2013 The IAM execution role is the primary role that is assumed by the users and the service on behalf of the user to allow them to perform certain actions and provision resources in Studio.<\/li>\n<\/ul>\n<h2>Reference Architecture<\/h2>\n<p>The following architecture diagram shows the flow of authentication and authorization from OneLogin to Amazon SageMaker Studio. Users log in through OneLogin, which authenticates them and passes a SAML authentication to AWS SSO. Once logged in, they can select the Amazon SageMaker Studio app, which assumes the SageMaker execution role attached to their user profile to create a pre-signed domain URL. This pre-signed domain URL is used directly log in the users to their JupyterServer environment.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image001.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28553\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image001.png\" alt=\"\" width=\"1428\" height=\"634\"><\/a><\/p>\n<h2>Prerequisites<\/h2>\n<p>Make sure you have the following prerequisites:<\/p>\n<ul>\n<li>A OneLogin account, for which we use a free <a href=\"https:\/\/www.onelogin.com\/developer-signup\" target=\"_blank\" rel=\"noopener noreferrer\">OneLogin developer account<\/a> to create our OneLogin instance and test users<\/li>\n<li>An AWS account with administrator privileges to set up the AWS SSO integration and access to create policies for Amazon SageMaker Studio<\/li>\n<\/ul>\n<h2>Step 1: Set up the AWS application in OneLogin<\/h2>\n<p>On your OneLogin account, log in with administrator privileges and navigate to Applications. In the upper-right, choose Add app. Next, search for and then choose AWS Single Sign-On.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image002.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28554\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image002.png\" alt=\"\" width=\"936\" height=\"508\"><\/a><\/p>\n<h2>Step 2: Download the Identity Provider Metadata<\/h2>\n<p>Next, we need to get the IdP metadata from OneLogin, which we use to register on AWS. Inside your OneLogin AWS Single Sign-On application, navigate to <strong>More Actions<\/strong>, then download and save the IdP metadata as <code>onelogin-aws.xml<\/code>.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image003.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28555\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image003.png\" alt=\"\" width=\"936\" height=\"516\"><\/a><\/p>\n<h2>Step 3: Enable AWS SSO and set up SCIM<\/h2>\n<p>Make sure that AWS SSO is enabled. If not, see <a href=\"https:\/\/docs.aws.amazon.com\/singlesignon\/latest\/userguide\/step1.html\" target=\"_blank\" rel=\"noopener noreferrer\">Enable AWS SSO<\/a>. AWS SSO provides support for the SCIM v2.0 standard. <a href=\"https:\/\/docs.aws.amazon.com\/singlesignon\/latest\/userguide\/scim-profile-saml.html\" target=\"_blank\" rel=\"noopener noreferrer\">SCIM<\/a> keeps your AWS SSO identities in sync with identities from your IdP. This includes any provisioning, updates, and de-provisioning of users between your IdP and AWS SSO. Using SCIM integration saves your IT and admin teams the time and effort of implementing custom solutions to cross-replicate user names and email addresses between AWS SSO and your IdPs.<\/p>\n<ol>\n<li>On the AWS SSO console, choose <strong>Settings<\/strong> in the navigation pane.<\/li>\n<li>Next to <strong>Identity source<\/strong>, choose <strong>Change<\/strong>.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image004.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28556\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image004.png\" alt=\"\" width=\"1430\" height=\"345\"><\/a><\/li>\n<li>Select <strong>External identity provider<\/strong>.<\/li>\n<li>For <strong>AWS SSO SAML metadata<\/strong>, upload the OneLogin metadata XML that you downloaded earlier.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image005.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28557\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image005.png\" alt=\"\" width=\"936\" height=\"838\"><\/a><\/li>\n<li>Update the provisioning from <strong>Manual <\/strong>to <strong>SCIM <\/strong>by choosing <strong>Enable automatic provisioning<\/strong>.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image06.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28558\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image06.png\" alt=\"\" width=\"1428\" height=\"464\"><\/a><\/li>\n<\/ol>\n<h2>Step 4: Get integration information from AWS SSO<\/h2>\n<p>To complete the integration on the OneLogin side, you need the following:<\/p>\n<ul>\n<li><strong>SCIM endpoint<\/strong> (also known as the SCIM Base URL)<\/li>\n<li><strong>Access token<\/strong> (also known as a SCIM Bearer token)<\/li>\n<li><strong>AWS SSO ACS URL<\/strong><\/li>\n<li><strong>AWS SSO issuer URL<\/strong><\/li>\n<\/ul>\n<p>The information is available on the <strong>Settings <\/strong>page on the AWS SSO console. The endpoint and access token are on the <strong>Automatic provisioning <\/strong>page, as shown in the following screenshot.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image007.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28559\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image007.png\" alt=\"\" width=\"1431\" height=\"613\"><\/a><\/p>\n<p>Choose <strong>View details<\/strong> for <strong>Authentication SAML 2.0<\/strong> and copy the AWS SSO ACS URL and AWS SSO issuer URL.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image08.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28560\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image08.png\" alt=\"\" width=\"977\" height=\"412\"><\/a><\/p>\n<p>Now that you have these four pieces of information, it\u2019s time to go to <strong>OneLogin<\/strong> to finalize the integration.<\/p>\n<h2>Step 5: Establish SAML authentication between OneLogin (your IdP) and AWS SSO<\/h2>\n<p>To establish your SAML authentication, complete the following steps:<\/p>\n<ol>\n<li>Log back in to your OneLogin portal as admin into your previously configured AWS SSO app.<\/li>\n<li>Choose <strong>Configuration<\/strong> and enter the details that you gathered in the previous section (AWS SSO issuer URL, AWS SSO ACS URL, SCIM Base URL, and SCIM Bearer token) and choose <strong>Save<\/strong>.<\/li>\n<\/ol>\n<p>Make sure to remove any trailing slashes (\/).<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image010.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28562\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image010.png\" alt=\"\" width=\"936\" height=\"488\"><\/a><\/p>\n<ol start=\"3\">\n<li>Choose <strong>Provisioning<\/strong> in the navigation pane.<\/li>\n<li>Select <strong>Enable provisioning<\/strong>.<\/li>\n<li>You can select <strong>Create user<\/strong>, <strong>Delete user<\/strong>, and <strong>Update user<\/strong> for admin approval on these actions.<\/li>\n<li>Save your configuration.<\/li>\n<\/ol>\n<h2>Step 6: Assign and sync users from OneLogin to AWS SSO, to access Amazon SageMaker Studio<\/h2>\n<p>In your OneLogin portal, on the top ribbon navigate to <strong>Users<\/strong> and assign the users in your organization to your newly created AWS Single Sign-On application to provide access to Amazon SageMaker Studio.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP6-IMG1.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29328\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP6-IMG1.png\" alt=\"\" width=\"942\" height=\"211\"><\/a><\/p>\n<p>Verify if this user or group has synced into AWS SSO via SCIM by checking the <strong>Users <\/strong>page on the AWS SSO console.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP6-IMG2.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29329\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP6-IMG2.png\" alt=\"\" width=\"943\" height=\"470\"><\/a><\/p>\n<h2>Step 7: Create your Amazon SageMaker Studio environment<\/h2>\n<p>You can set up your Amazon SageMaker Studio environment by navigating to Amazon SageMaker Studio on your AWS account.<\/p>\n<ol>\n<li>On the SageMaker console, choose <strong>Amazon SageMaker Studio<\/strong>.<\/li>\n<li>Choose <strong>Get started <\/strong>and select <strong>Standard setup<\/strong>.<\/li>\n<li>For<strong> Authentication method<\/strong>, select<strong> AWS Single Sign-On (SSO<\/strong>).<\/li>\n<\/ol>\n<p>Make sure that AWS SSO is enabled in the same Region as your Amazon SageMaker Studio.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP7.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29330\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP7.png\" alt=\"\" width=\"937\" height=\"400\"><\/a><\/p>\n<ol start=\"4\">\n<li>Under <strong>Permission<\/strong>, create a new IAM role with appropriate access to <a href=\"http:\/\/aws.amazon.com\/s3\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Simple Storage Service<\/a> (Amazon S3) buckets, or choose an existing IAM role.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image014.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28566\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image014.png\" alt=\"\" width=\"1430\" height=\"372\"><\/a><\/li>\n<\/ol>\n<h2>Step 8: Specify additional configurations for Amazon SageMaker Studio<\/h2>\n<p>You also have the option to set additional configurations.<\/p>\n<ol>\n<li>Use the default values for <strong>Network sharing configuration<\/strong> and <strong>SageMaker Projects and JumpStart<\/strong>.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image015.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28567\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image015.png\" alt=\"\" width=\"936\" height=\"144\"><\/a><\/li>\n<li>In the <strong>Network and storage<\/strong> section, we use our custom VPC and subnets, which creates the <a href=\"https:\/\/aws.amazon.com\/efs\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Elastic File System<\/a> (Amazon EFS) domain in the VPC we specify.<\/li>\n<li>Select <strong>Public internet Only <\/strong>to allow default internet access for SageMaker.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image016.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28568\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image016.png\" alt=\"\" width=\"936\" height=\"366\"><\/a><\/li>\n<li>Choose <strong>Submit<\/strong>.<\/li>\n<\/ol>\n<p>Amazon SageMaker Studio creates a domain and sets up AWS SSO for the domain. This process should take around 10 minutes to complete. The domain status shows as Ready when the provisioning is complete.<\/p>\n<h2>Step 9: Assign users to your newly created Amazon SageMaker Studio Environment<\/h2>\n<p>Choose <strong>Assign Users and groups<\/strong> to assign users who were created via OneLogin and are\u00ad synced into AWS SSO.<\/p>\n<p><strong> <a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP9-IMG1.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29331\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP9-IMG1.png\" alt=\"\" width=\"3326\" height=\"890\"><\/a> <\/strong><\/p>\n<p>You can assign users to Amazon SageMaker Studio environment by selecting the check box next to <strong>Display name <\/strong>and <strong>\u00ad\u00adEmail<\/strong>.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP9-IMG2.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29332\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/10\/14\/ML-3071-STEP9-IMG2.png\" alt=\"\" width=\"938\" height=\"600\"><\/a><\/p>\n<h2>Step 10: Verify the integration and log in to your Amazon SageMaker Studio environment<\/h2>\n<p>Under <strong>Studio Summary<\/strong>, you can notice the <strong>Execution Role<\/strong> that you created in the previous step. You can now log in to your Amazon SageMaker Studio environment.<\/p>\n<ol>\n<li>Sign in to the OneLogin user portal.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image017.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28569\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image017.png\" alt=\"\" width=\"1429\" height=\"845\"><\/a><\/li>\n<li>Choose the AWS SSO app.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image018.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28570\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image018.png\" alt=\"\" width=\"1429\" height=\"526\"><\/a><\/li>\n<li>Choose the tile which says Amazon SageMaker Studio to seamlessly log into your Amazon SageMaker Studio environment.<br \/><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image019.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28571\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image019.png\" alt=\"\" width=\"1431\" height=\"462\"><\/a><\/li>\n<\/ol>\n<p>You\u2019re logged in directly to your user profile inside Amazon SageMaker Studio.<\/p>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image020.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-28572\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/24\/ML3071-image020.png\" alt=\"\" width=\"1429\" height=\"737\"><\/a><\/p>\n<p>You can also verify the user profiles in Amazon SageMaker Studio directly using the <a href=\"http:\/\/aws.amazon.com\/cli\" target=\"_blank\" rel=\"noopener noreferrer\">AWS Command Line Interface<\/a> (AWS CLI):<\/p>\n<div class=\"hide-language\">\n<pre><code class=\"lang-bash\">`aws sagemaker describe-user-profile --domain-id <span>&lt;yourdomainname&gt;<\/span> \u2014user-profile-name <span>&lt;username&gt;<\/span>`<\/code><\/pre>\n<\/p><\/div>\n<h2>Conclusion<\/h2>\n<p>In this post, we walked through the steps to onboard existing OneLogin SSO users to Amazon SageMaker Studio. We also looked at a reference architecture and how to verify the setup. For more information about using AWS SSO with Amazon SageMaker Studio, see <a href=\"https:\/\/docs.aws.amazon.com\/sagemaker\/latest\/dg\/onboard-sso-users.html\" target=\"_blank\" rel=\"noopener noreferrer\">Onboard to Amazon SageMaker Studio Using AWS SSO<\/a>.<\/p>\n<hr>\n<h3>About the Author<\/h3>\n<p><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/04\/13\/Sam-Palani.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-23496 alignleft\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/04\/13\/Sam-Palani.jpg\" alt=\"\" width=\"100\" height=\"129\"><\/a><strong>Sam Palani<\/strong>\u00a0is an AI\/ML Specialist Solutions Architect at AWS. He enjoys working with customers to help them architect machine learning solutions at scale. When not helping customers, he enjoys reading and exploring the outdoors.<\/p>\n<p><strong><a href=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/27\/Sunil-R.png\"><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28607 alignleft\" src=\"https:\/\/d2908q01vomqb2.cloudfront.net\/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59\/2021\/09\/27\/Sunil-R.png\" alt=\"\" width=\"100\" height=\"110\"><\/a>Sunil Ramachandra<\/strong> is a Senior Technical Account Manager at AWS. As a principal technical advisor and \u2018voice of the customer\u2019 he helps organizations ranging from start-ups to Fortune 500 enterprises to innovate and operate their workloads on AWS. Sunil is passionate about building AWS integrations that enable Independent Software Vendors (ISVs).When not helping customers, Sunil enjoys spending time with his family, running, meditating and watching movies or originals on Prime Video.<\/p>\n<p>       <!-- '\"` -->\n      <\/div>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/aws.amazon.com\/blogs\/machine-learning\/onboard-onelogin-sso-users-to-amazon-sagemaker-studio\/<\/p>\n","protected":false},"author":0,"featured_media":1096,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/posts\/1095"}],"collection":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/comments?post=1095"}],"version-history":[{"count":0,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/posts\/1095\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/media\/1096"}],"wp:attachment":[{"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/media?parent=1095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/categories?post=1095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/salarydistribution.com\/machine-learning\/wp-json\/wp\/v2\/tags?post=1095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}