SSO issue working with Fleet Manager and RDP: SSO is not shared in an org


I'm trying to follow this post, but I have an error message related to SSO: "An error occurred while calling the ListDirectoryAssociations API operation. SSO features are disabled. AccessDeniedException: SSO is not shared in org: xxxxx". I have configured SSO with AzureAD as the external provider. Can somebody help me with this issue? Regards

  • Hi Hernan. I have the same issue; did you get anywhere with it? For me it works when SSOing into the AWS Organizations management account, but not on an invited account. On the latter, there's no option in Fleet Manager to use SSO as an authentication method, and the errors you mention crop up in the browser network debug log. I'll post here if/when I figure it out 👍

2 Answers

In the AWS Fleet Manager documentation, it mentions -

Fleet Manager supports AWS SSO authenticated RDP connections in the same AWS Region where you enabled AWS SSO

I have instances in multiple regions and it wasn't until I re-read the docs that I noticed this colossal limitation and understood why I wasn't getting anywhere. I'm guessing you're in the same boat.

The regional limitation of SSO is also mentioned here.

I'm still finding it hard to believe such a fundamental feature isn't supported by AWS SSO 😢

answered 2 years ago
  • Ouch. Thank you for the clue. I've production workloads split across regions as well and this is indeed a colossal limitation.


Hello, my suggestion is that you check that "trusted access" for SSO is enabled in the organization. Please go to AWS Organizations > Services > Single Sign On and make sure "trusted access" is enabled. If that is enabled, then it may be a permissions issue; in this guide you can check the role and its permissions.

answered 2 years ago
  • Thanks for your answer. Trusted Access was enabled and, related to permissions, it seems the role has the needed ones. But I don't know if the permission should be related to the EC2 role or related to the user role.
