Use AWS IAM Identity Center (successor to AWS Single Sign-On) to manage sign-in security for your workforce users, and create or connect workforce users and centrally manage their access across all their AWS accounts and applications. Assign your users access to IAM Identity Center–enabled applications, cloud applications, and customer Security Assertion Markup Language (SAML 2.0) applications.
Questions tagged [aws-iam-identity-center]
10 questions
4 votes, 1 answer
How to create AWS Console Deeplinks behind IAM Identity Center login?
When managing access to multiple accounts via IAM Identity Center, the AWS Access Portal provides clickable links for each of the available Roles/PermissionSets in those accounts. However, the console always loads to the main page. Is there a way to…

scubbo
4 votes, 2 answers
How to remove a permission set for a User in IAM Identity Center
I have a highly multi-account environment and Users that are assigned multiple permission sets per account.
e.g. Bob has both Administrator and ReadOnly for Test and Prod accounts.
Say I want to only remove Bob's Administrator access for the Prod…

NitrusCS
3 votes, 2 answers
What happens to existing AWS IAM users when enabling IAM Identity Center?
I want to enable IAM Identity Center and configure an external IdP for an existing AWS account. This AWS account already has users, created with IAM.
What happens to these users?
I'm especially worried about users used by my application to, for…

Gigitsu
1 vote, 1 answer
AWS SSO change identity source
When I try to switch the identity source in IAM Identity Center (AWS SSO), I'm getting "IAM identity center will delete your current MFA configuration". Does this mean IAM users will also be affected?
I'm expecting the users in IAM not to be affected.…

learner
1 vote, 1 answer
How do I get User To Show Up AWS IAM Identity Center Under AWS Accounts?
Steps to reproduce: Using the AWS Console, I did the following under IAM Identity Center:
Under root account: I added a user named "PID-REDACTED-"st (see screenshot, please)
I logged in as the said user in an incognito browser - logs in fine
Under…

davos
1 vote, 1 answer
AWS Identity Center without User Provisioning
In the old days before IAM Identity Center (AWS SSO), we used custom IAM Identity Providers with IAM Roles that had trust policies that allow users with certain claims (IdP groups) to assume them. This system was nice in that AWS/IAM didn't care…

Jordan
0 votes, 0 answers
AWS CLI v2: Identity Center: Create User
I try to create a user in AWS Identity Center using create-user (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/identitystore/create-user.html).
aws identitystore create-user \
--identity-store-id…

quervernetzt
0 votes, 0 answers
How to get Assertion Consumer Service URL in AWS IAM Identity Center using AWS CLI
How to get Assertion Consumer Service URL in AWS IAM Identity Center using AWS CLI?

Suresh Raja
0 votes, 0 answers
Can you change the IAM Identity Center Access Portal URL subdomain after it's been customized?
I know that the documentation for this says that it cannot be edited but surely there are plenty of use cases for this. For instance, if an employee mistakenly inputted the subdomain in IAM Identity Center or if a company was rebranding, there would…

starrywrites
0 votes, 1 answer
MongoDB Atlas role mappings not working when using AWS single-sign on as the identity provider
I've set up our AWS SSO (IAM Identity Centre) to provide federated authentication to our MongoDB Atlas organisation by using the AWS built-in MongoDB application within AWS SSO.
I've also set up role mappings by following…

bemo