Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Policy for allowing SSO users to change only their own information?

0

Hello,

I'm setting up SSO for my company and our accounts. I want users to be able to change their own information, credentials, access keys, MFA devices, and so on, without having to make them admins (and thus giving them too high privileges) and without having to rely on an admin to do it for them.

Is this possible? What would such an IAM policy look like?

Thank you for taking the time to read.

Temas
Seguridad, identidad y cumplimientoGestión y gobierno
Etiquetas
Seguridad, identidad y cumplimientoCentro de identidad de AWS IAMAWS Account ManagementPolíticas de IAM
Idioma
English
rePost-User-3115414
preguntada hace un año232 visualizaciones
1 Respuesta
0

If you are setting up SSO, then there should not be any need. There will be no IAM Access keys to manage with SSO. The directory will not be part of IAM, their for there will be no IAM users.

If you are using Identity centre with inbuilt directory, then just enforce MFA for users. That is about it.

What SSO are you looking at?

profile picture
EXPERTO
Gary Mclean
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante