Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

What happens to rogue domain users when SSO is enabled?

0

My organization has a few users who were using AWS before we officially began managing it. Their accounts are using the same domain as us, but we're unable to see which users these are. Is there a way to see these users? What happens to these users login when we enable SSO?

Themen
Sicherheit, Identität & KonformitätManagement & UnternehmensführungAWS Framework mit guter Struktur
Tags
Sicherheit, Identität & KonformitätAWS Identity and Access ManagementAWS Directory ServiceAWS Management ConsoleSicherheit
Sprache
English
rePost-User-0269298
gefragt vor einem Jahr252 Aufrufe
2 Antworten
0

By rogue domains users you mean they had IAM users (credentials for login in the Console) using the domain before using the SSO? You will able to see this user on IAM console, and delete it.

They will be able to login both ways. One using the SSO and other directly through the console. Because while they have the email as username, it could be just another string. And it will be better for management, security and compliance that anyone logs under the SSO.

profile pictureAWS
Ibrahim Cesar
beantwortet vor einem Jahr
0

You can find the login events in CloudTrail and use Athena to find these events.

profile pictureAWS
EXPERTE
kentrad
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt