Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

How to limit access to specific Identity Center groups?

0

I have multiple groups in my default Identity Center directory. I want members of a specific group manage users of other groups except a couple of administrator-managed groups. Simple use case is to "Allow team leaders manage limited number of teams by adding/removing users" sso-directory does not support (have) any ARNs and does not have any specific Conditions. Global conditions does not allow to filter by resource ARN or, in my case, group_id. Tags cannot be added to Identity Center groups to allow for aws:ResourceTag/... filtering.

Are there any feasible way to resolve my use-case?

Temas
Seguridad, identidad y cumplimientoGestión y gobierno
Etiquetas
Seguridad, identidad y cumplimientoAWS Identity and Access ManagementAWS Account Management
Idioma
English
Maksym
preguntada hace un mes172 visualizaciones
1 Respuesta
0
Respuesta aceptada

Hello.

As stated in the document below, there are no condition keys, so I don't think it is currently possible to manage only specific groups.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycentersuccessortoawssinglesign-ondirectory.html

profile picture
EXPERTO
Riku_Kobayashi
respondido hace un mes

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante