Questions tagged [aws-sso]

In 2022, AWS Single Sign-On (AWS SSO) became AWS IAM Identity Center. As a result, please use the "aws-iam-identity-center" tag instead of the "aws-sso" tag on related posts.

78 questions
2 votes, 0 answers

How to change the logo in AWS SSO SAML application

I have enabled AWS SSO and in that created one SAML application. When we log in using AWS SSO we are able to see the SAML application, but I am not able to change the logo of the application. Is there any way to change the icon/logo of saml…
JANARDHAN
2 votes, 4 answers

Connect to AWS Athena using AWS SSO from DBeaver

I am trying to connect to AWS Athena from DBeaver. The documentation says that I can do that using AWS SSO https://dbeaver.com/docs/wiki/AWS-SSO. I went through all the options and was not able to find such a configuration. I am using version…
rholdberh
2 votes, 1 answer

Why do Control Tower Accounts also need an SSO User

Why, when creating a new AWS account via the AWS Control Tower Account Factory, does an SSO user also need to be created? There is already an email for the root user, and through AWS SSO you can assign users/groups anyway, so what purpose does it serve…
Derrops
2 votes, 1 answer

How to restrict AWS CLI Access for SSO User

I have SSO configured for my AWS organizational accounts. I have created two accounts (one is dev and the other is prod). How do I restrict AWS CLI access for my prod account's SSO users? I tried looking it up in their documentation, but couldn't find…
2 votes, 3 answers

AWS SSO for external client AWS accounts not in an organization - Best Practices

I have multiple different clients I work with that are completely independent of each other. If a client I'm working with already has an AWS account, I may develop software in their existing AWS account, but if they don't have an account then I'll…
Greg Micek
2 votes, 0 answers

SAML - how to return the group name a user belongs to?

I am trying to use AWS SSO - SAML 2.0 to integrate with a tool and I am not sure how to return the group name instead of the group ID. The mapping I am using is memberOf --> ${user:groups}, and I can see group IDs are returned, however, the tool integration…
void
2 votes, 0 answers

Is this AWS SSO session expiry experience normal and can it be changed?

Unlike IAM sign-in, when my SSO session expires there appears to be no way to establish a new session and be returned to the console page I was last browsing. As background (if it's relevant) I am using Azure AD as an external SAML identity…
davegravy
2 votes, 2 answers

Why do I get an Invalid MFA error when using GSuite/Google Workspace as an IdP with AWS SSO

I have configured GSuite as the identity provider for our AWS SSO service following the directions in this blog post. When I visit my SSO user portal URL (i.e. https://d-1234567890.awsapps.com/start) I am correctly redirected to accounts.google.com…
cfbarbero
2 votes, 2 answers

How to use GitHub Desktop with AWS CodeCommit and AWS SSO profile?

I have enabled SSO for my organization and created a user. The user has admin rights to a sub account and is able to clone a repo via terminal. The problem is when I am trying to use GitHub Desktop to clone (or do anything) it asks for a username…
1 vote, 1 answer

AWS SSO change identity source

When I try to switch the identity source in IAM Identity Center (AWS SSO), I'm getting "IAM identity center will delete your current MFA configuration". Does this mean IAM users will also be affected? I'm expecting the users in IAM not to be affected.…
1 vote, 1 answer

Getting all users from AWS identitystore along with status property

I have been trying to get all user details from AWS identitystore using both the AWS SDK and the AWS CLI. In both cases the JSON returned does not contain the "status" property, although on the AWS console the status is clearly mentioned/visible. The CLI…
1 vote, 1 answer

AWS Identity Center without User Provisioning

In the old days before IAM Identity Center (AWS SSO), we used custom IAM Identity Providers with IAM Roles that had trust policies that allow users with certain claims (IdP groups) to assume them. This system was nice in that AWS/IAM didn't care…
Jordan
1 vote, 0 answers

How to achieve multitenancy in AWS QuickSight?

Steps I am following: I have first created an IAM user. We have the same user in the default namespace: aws quicksight register-user --namespace default --identity-type QUICKSIGHT --user-role ADMIN --region us-east-1 --email=jill@foocompany.com --user-name…
1 vote, 1 answer

AWS SSO - List users assigned to an AWS account

I have the list of all AWS accounts in my organization. I need to list the users present in each account via API. Through the documentation List account assignments, I can list only by passing as parameters account + permission set. I wanted it to list…
1 vote, 1 answer

How to check current assumed role/user in the SSO account to access EKS resources in the console

We have SSO configured in the main AWS account and we log in to the child AWS account using that SSO link. Now we have created an EKS cluster in the child account but we are not able to view the Node and other resources due to aws-auth config…
Nitin G