AWS IAM Identity Center
This demo shows AWS IAM Identity Center protected by XFA with Google Workspace as the identity provider. Users authenticate with Google, XFA checks the device against your policy, and AWS access continues only when the device decision allows it. Use the flow as a reference before configuring the same pattern in your own environment.
XFA can be integrated as a part of the authentication process into AWS IAM Identity Center (formerly known as AWS SSO) when accesing AWS-accounts or other configured applications, to assure that devices comply with the device security policy set out by your organization.
The user is first redirected through XFA to the external identity provider (in this case Google Worksapce) to verify the identity of the user, after which device security is checked against the configured policy before the authentication is completed. Only devices that comply with the configured policy will be granted access.