
Selvaprakash-S

Access multiple Amazon SageMaker Domains (SSO auth mode) with the same SSO user or group

Hello Community, in this blog I would like to share my experience with multiple SageMaker domains in SSO auth mode.

SageMaker Domain:

As the AWS SageMaker domain documentation says, a domain is the first prerequisite to access or launch SageMaker Studio, which has all functionality in one UI, from processing to inference endpoints in the machine learning lifecycle.

When it comes to SageMaker domain administration, there are two types of authentication mode.

  1. IAM Auth Mode

  2. IAM Idc Mode (SSO)

Here I'm going to explain my experience in SSO Auth Mode.

IAM Identity Center:

For SSO auth mode, IAM Identity Center should be in the same region where you want to create the SageMaker domain.

In enterprise companies, IAM Idc is used with Control Tower, where multiple accounts are managed with Organizational Units.

Here, I'm not going to talk about Control Tower; I'm just going to create one IAM Idc in N. Virginia, where I will be creating the SageMaker domain.

Step 1:

Once IAM Idc was enabled in us-east-1, I created 2 groups that I'm part of.

[Screenshot: IAM Idc groups]

[Screenshot: IAM user]

Step 2:

Then I created 2 permission sets.

[Screenshot: permission sets]

Step 3:

I added those groups and permission sets to the account.

[Screenshot: account config]

Once IAM Idc is done, create two domains in the SageMaker console:

Step 1:

By following the custom wizard, you can create a domain in SSO mode.

[Screenshot: domain]

Step 2:

Add the group that we created earlier by clicking assign user or group.

[Screenshot: group]

As you can see, you can add the same group to multiple domains.

[Screenshot: domain]

Finally, you can see the multiple domains on the awsapps page, as below.

[Screenshot: awsapps]

Hence, the same SSO user can access multiple domains. However, the user profile will be prefixed with some random three numbers and letters so that the user profile will be unique across the domain.

[Screenshot: user profile]

[Screenshot: domain 2]

The application display name can be changed in IAM Idc's Application section.
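For an access review of the setup described above, the following added example (not part of the original post) groups SageMaker user profiles by their SSO username to show which Identity Center users hold a profile in more than one domain. The sample records, domain IDs and profile names are constructed; `fetch_sso_profiles` assumes boto3 is installed and the caller has SageMaker read permissions.

```python
from collections import defaultdict

# Constructed sample shaped like sagemaker describe_user_profile responses;
# domain IDs, profile names and usernames are made up for illustration.
SAMPLE = [
    {"DomainId": "d-exampledom01", "UserProfileName": "a1b-alice",
     "SingleSignOnUserValue": "alice"},
    {"DomainId": "d-exampledom02", "UserProfileName": "c2d-alice",
     "SingleSignOnUserValue": "alice"},
    {"DomainId": "d-exampledom01", "UserProfileName": "e3f-bob",
     "SingleSignOnUserValue": "bob"},
]


def fetch_sso_profiles(region="us-east-1"):
    """Describe every user profile in every SSO-mode domain of one region."""
    import boto3  # lazy import: the offline sample needs no AWS access
    sm = boto3.client("sagemaker", region_name=region)
    found = []
    for page in sm.get_paginator("list_domains").paginate():
        for dom in page["Domains"]:
            dom_id = dom["DomainId"]
            if sm.describe_domain(DomainId=dom_id)["AuthMode"] != "SSO":
                continue  # IAM-mode domains have no SSO identity to review
            pages = sm.get_paginator("list_user_profiles").paginate(
                DomainIdEquals=dom_id)
            for up in (u for p in pages for u in p["UserProfiles"]):
                found.append(sm.describe_user_profile(
                    DomainId=dom_id, UserProfileName=up["UserProfileName"]))
    return found


def profiles_by_sso_user(profiles):
    """Map SSO username -> {DomainId: UserProfileName}."""
    access = defaultdict(dict)
    for p in profiles:
        user = p.get("SingleSignOnUserValue")
        if user:  # skip profiles with no SSO identity attached
            access[user][p["DomainId"]] = p["UserProfileName"]
    return dict(access)


def multi_domain_users(profiles):
    """Return only the SSO users that hold a profile in more than one domain."""
    by_user = profiles_by_sso_user(profiles)
    return {u: doms for u, doms in by_user.items() if len(doms) > 1}


if __name__ == "__main__":
    for user, doms in multi_domain_users(SAMPLE).items():
        print(user, doms)
```

Against a live account, pass `fetch_sso_profiles()` to `multi_domain_users` and compare the result with the group assignments you intended for each domain.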
