Previously the documentation used to say group provisions with Google isn’t supported. That was true when I last did this over a year ago.
However, there has been development and now Google can provision groups using SCIM. Please review the latest documentation: https://docs.aws.amazon.com/singlesignon/latest/userguide/gs-gwp.html
Syncing of groups using SCIM between Google and Identity Center is still not supported till today. If you want such automation, look into ssosync (https://github.com/awslabs/ssosync). I would suggest that, if you use ssosync, then don't turn autoprovisioning (SCIM) on to avoid conflicts of updating Identity Center.
If you do want to use SCIM, and you don't have that many groups or group changes, you can manage groups separately from SCIM. You can't do that on Console as the 'buttons' will be disabled when auto provisioning is turned on, but you can do that via CLI or API.
Under Step 8, looks like you can't create groups using the AWS Console once Identity Centre is connected to an external IdP. Creation of the groups can only be done via CLI or API.
Gary can you share more info on the latest development of group provisioning? The user doc you referred to still says: SCIM automatic synchronization from Google Workspace only supports provisioning users; groups aren't automatically provisioned.
In the documentation mentioned above the bottom of the first section says: 'Note that this tutorial is based on a small Google Workspace directory test environment. Directory structures such as groups and organization units aren't included'. Does anyone know if there is a guide anywhere for importing your Google Groups to AWS Identity Center?
If you look at the very bottom of the documentation it talks about 'Next steps' and talks about creating AWS Identity Center groups through the AWS CLI. However, if I do this, there is no way for me to add our Google users to these created groups.
@cvnkc You use create-group CLI or corresponding API to create the group, then use create-group-membership CLI or corresponding API to add users into that group.
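The create-group / create-group-membership workflow from the replies above, as an added example that is not part of the original thread: it creates a group only if it is missing and adds a SCIM-provisioned user by looking up their userName. The identity store ID, group name and user names are placeholders, and matching on userName assumes the provisioned userName is the user's Google primary email.

```shell
#!/usr/bin/env bash
# Added example: manage Identity Center groups from the CLI while SCIM provisions users.
# STORE_ID is a placeholder; look up the real value with:
#   aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text
STORE_ID="${STORE_ID:-d-EXAMPLE0000}"   # placeholder, not a real identity store

# Build the JSON lookup key for a unique attribute.
# Values must not contain double quotes (no JSON escaping is done here).
alt_id() {  # $1 = attribute path (userName | displayName), $2 = value
  printf '{"UniqueAttribute":{"AttributePath":"%s","AttributeValue":"%s"}}' "$1" "$2"
}

# Print the GroupId for a display name, creating the group only if it is missing.
ensure_group() {  # $1 = group display name
  local gid
  if gid=$(aws identitystore get-group-id --identity-store-id "$STORE_ID" \
        --alternate-identifier "$(alt_id displayName "$1")" \
        --query GroupId --output text 2>/dev/null); then
    echo "$gid"
  else
    aws identitystore create-group --identity-store-id "$STORE_ID" \
      --display-name "$1" --query GroupId --output text
  fi
}

# Add a SCIM-provisioned user (matched on userName) to a group.
# Returns 2 if the user has not been provisioned into Identity Center yet.
add_member() {  # $1 = group id, $2 = userName (assumed: Google primary email)
  local user_id
  user_id=$(aws identitystore get-user-id --identity-store-id "$STORE_ID" \
        --alternate-identifier "$(alt_id userName "$2")" \
        --query UserId --output text 2>/dev/null) || {
    echo "skip: $2 not provisioned yet" >&2; return 2; }
  aws identitystore create-group-membership --identity-store-id "$STORE_ID" \
    --group-id "$1" --member-id "UserId=$user_id" \
    --query MembershipId --output text
}

# Usage (constructed names):
#   gid=$(ensure_group "platform-admins")
#   add_member "$gid" "alice@example.com"
```

Groups created this way are not touched by SCIM user provisioning, so membership changes have to be repeated here whenever the Google-side group changes.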