Questions tagged [aws-sso]

In 2022, AWS Single Sign-On (AWS SSO) became AWS IAM Identity Center. As a result, please use the "aws-iam-identity-center" tag instead of the "aws-sso" tag on related posts.

78 questions
1 vote, 1 answer

AWS Policy that allows only one SSO user to access a resource

We are in the process of moving all of our IAM users to AWS SSO. We used to have this IAM policy for SageMaker: " { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", …
1 vote, 0 answers

AWS IAM Policy for restricting access to particular groups in AWS SSO

I have multiple groups in AWS SSO, as in the image below. Individual groups contain users of an individual customer. I want to create a custom policy in IAM. The policy should have the below definition – a. Allow Add User in AWS…
1 vote, 2 answers

List all groups from AWS SSO via API?

I have a bunch of AWS SSO Groups I would like to list via the API so I can acquire the Name and GroupID. The API call ListGroups (https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html) is pretty useless. It…
Kent Wong
1 vote, 1 answer

Can I use AWS SSO as an external IdP in Cognito?

I actually have done this before but can't figure out the settings I used ): Basically I want to set up AWS SSO as an external IdP for Cognito. I've done this before via SAML but I can't remember what values I used for the Application settings in…
Derrops
1 vote, 2 answers

Getting AccessDeniedException from Lambda function when calling AWS SSO Permission set

Following is my Python code to add/update an inline policy for an AWS SSO permission set: # In actual code adding escape characters Inline_Policy=" "Version": "2012-10-17", "Statement": [ { "Action": [ …
PiaklA
1 vote, 1 answer

AWS SSO authorization for EKS fails to call sts:AssumeRole

I'm migrating to AWS SSO for cli access, which has worked for everything except for kubectl so far. While troubleshooting it I followed a few guides, which means I ended up with some cargo-cult behaviour, and I'm obviously missing something in my…
austin327
1 vote, 0 answers

Simba Athena ODBC Driver with AWS SSO

My company is currently set up to use AWS SSO for access to querying AWS Athena. I have Simba Athena ODBC Driver configured to use IAM credentials I get from the console, but it is an annoying process to copy and paste them every time the session…
Edison
1 vote, 0 answers

AWS SSO SCIM Access token expiry notification

Has anybody found a way to automatically be notified when the SCIM access token expiry date is approaching? This is to help with using an external identity provider for the SSO with Azure AD. AzureAD automatically notifies you 90, 60, 30 and 7…
1 vote, 1 answer

How does attribute mapping in AWS SSO apps work with Azure usernames?

I am creating an EUC Dashboard in AWS by following this tutorial. To log in to the dashboard, you're supposed to link SSO and Cognito. Unfortunately, my environment differs from the one in the Tutorial: My user management runs on Microsoft Azure and…
decimo
1 vote, 1 answer

AWS SSO and CodeArtifact Login requires manual config file changes for Region

When I run AWS SSO Login --Profile Default on my machine, if my .aws/config file is not set to a Default region of us-east-1 I get "Invalid Grant" when the browser opens to authenticate. When I set the config region to us-west-2 I can…
1 vote, 2 answers

Many aws sso-admin commands failing with 403

Even though I have full AWS access and am able to create stuff within the AWS SSO Console, the following CLI command fails: aws sso-admin create-account-assignment --instance-arn="arn:aws:sso:::instance/ssoins-xxx" --target-id="xyz"…
Ivan Aracki
1 vote, 1 answer

AWS SSO fingerprint not working on Safari or Firefox

I have configured AWS SSO WebAuthn using the fingerprint scanner on my MacBook. It saves me a ton of time not having to copy the authenticator code. Works seamlessly for Chrome. However, I need to have it working on Safari or Firefox too as I want to…
Red Bottle
1 vote, 1 answer

Can AWS SSO generate a "friendly" issuer URL for SAML federation?

I have SAML federation working between Okta and AWS SSO. Everything is fine, except that users performing IdP-initiated SSO see an "unfriendly" URL in their browser ("https://d-123456789a.awsapps.com/") once logged into AWS. Is it possible to have a…
1 vote, 0 answers

Managing Roles for multiple SP (Service Providers) in SSO based application

Need information on how to use roles in an SSO-based application while supporting multiple SPs (SSO clients). I am working on an SSO-based architecture using the CAS protocol. How do I manage roles across different SPs (Service Providers) for the same user?…
user1060418
1 vote, 3 answers

Accessing AWS SSO using the AWS-SDK

Is there a way to interact with the AWS SSO service using the AWS-SDK? https://aws.amazon.com/single-sign-on/ I am just looking for programmatic access to AWS SSO - with the AWS CLI or with the SDK or anything really.
Alexander Mills