...
- Send an email to cloud-support@cornell.edu with the following information:
- The name of your new role. In this example, that's "shib-example".
- The 12-digit account number of your AWS account.
- The name of the Cornell unit associated with the account (e.g. CALS).
- An initial The name of the existing AD Security Group that contains the list of Cornell netids netIDs you wish to be able to use this role in your account.
- Note: While we would all like to be able to simply reference another AD group here, the Shibboleth integration does not allow it. We really need that list of individual users. A list of Cornell netids you wish to be able to manage the users in this newly created AD group
- Since this AD Security Group will live in your OU structure you will be able to modify the group membership as needed following your existing practices.
- Note: In order to maintain security for your AWS account, the person sending this email must be in the shib-admin group for the account.
...