Introduction
This article explains how to deploy the Encryption Service on AWS to enable group provisioning in NordPass. The Encryption Service allows NordPass to maintain its zero-knowledge architecture while synchronizing groups from your identity provider.
Before you start:
- User provisioning must already be enabled.
- You need an active AWS account.
Here's what to do
- Log in to the NordPass Business Admin Panel.
- Go to "Integrations".
- Select your identity provider.
- If user provisioning is not configured, follow the setup guide for the selected identity provider.
- Click "Create Configuration".
- Select "AWS" as the cloud provider for the Encryption Service deployment.
- Copy and save the generated configuration. You will need it later.
- Log in to Amazon Web Services (AWS).
- Open "Services" and select "Elastic Container Service (ECS)".
- Open "Task definitions".
- Select "Create new task definition" → "Create new task definition with JSON".
- Paste the configuration copied from the NordPass Admin Panel.
- Click "Create".
- From the side menu, select "Clusters" and click "Create cluster".
- Enter a cluster name (we recommend "NordPass").
- Open the newly created cluster.
- Go to the Services tab and click "Create".
- Select a task family.
- Enter a service name (we recommend "NordPass-Group-Provisioning").
- Click "Create" to start the deployment.
- Wait until the deployment is completed and the service status changes to "Active".
- Return to the NordPass Business Admin Panel.
- Confirm that the group provisioning status is shown as "Active".
Additional tips
- Ensure the Encryption Service remains running to avoid interruptions in group provisioning.
- If the group provisioning status does not become active, verify that the AWS service is running and correctly configured.
- Any changes to user groups in your identity provider will sync only while the Encryption Service is active.
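To verify from the command line that the AWS service is running, the following added example (not part of the NordPass documentation) checks the JSON printed by `aws ecs describe-services --cluster NordPass --services NordPass-Group-Provisioning`. It assumes the recommended cluster and service names from the steps above were used; the embedded sample output is constructed.

```python
import json
import sys

# Constructed sample of `aws ecs describe-services` output, not real account data.
SAMPLE = json.dumps({
    "services": [{
        "serviceName": "NordPass-Group-Provisioning",
        "status": "ACTIVE",
        "desiredCount": 1,
        "runningCount": 0,
        "deployments": [{"status": "PRIMARY", "rolloutState": "IN_PROGRESS"}],
    }],
    "failures": [],
})


def check_service(doc, service_name="NordPass-Group-Provisioning"):
    """Return a list of problems; an empty list means the service looks healthy."""
    problems = [f"lookup failure: {f.get('reason', 'unknown')}"
                for f in doc.get("failures", [])]
    svc = next((s for s in doc.get("services", [])
                if s.get("serviceName") == service_name), None)
    if svc is None:
        return problems + [f"service {service_name!r} not found in cluster"]
    if svc.get("status") != "ACTIVE":
        problems.append(f"service status is {svc.get('status')}, expected ACTIVE")
    desired, running = svc.get("desiredCount", 0), svc.get("runningCount", 0)
    if desired < 1:
        problems.append("desiredCount is 0, so no task is scheduled")
    elif running < desired:
        problems.append(f"only {running} of {desired} tasks running")
    primary = next((d for d in svc.get("deployments", [])
                    if d.get("status") == "PRIMARY"), None)
    if primary is None:
        problems.append("no PRIMARY deployment")
    # rolloutState is absent for some deployment controllers; treat absence as OK.
    elif primary.get("rolloutState", "COMPLETED") != "COMPLETED":
        problems.append(f"deployment rollout is {primary['rolloutState']}")
    return problems


if __name__ == "__main__":
    # Pipe real CLI output in, or run with no input to use the constructed sample.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    issues = check_service(json.loads(raw or SAMPLE))
    print("\n".join(issues) if issues else "Encryption Service is running")
    sys.exit(1 if issues else 0)
```

The script exits non-zero when any problem is found, so it can run on a schedule and raise an alert before group changes in the identity provider stop syncing.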