Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Will AWS SSO conflict with IAM ID provider?

0

Hi -
I already have a few AWS accounts that use IAM and a SAML identity provider (Azure AD). I'd like to start implementing AWS SSO, but I want to make sure that it will not conflict with my existing integrations with IAM and federations. Can anyone comment on that?

Thanks

Al

Temas
Seguridad, identidad y cumplimiento
Etiquetas
Centro de identidad de AWS IAM
Idioma
English
ecafaller
preguntada hace 4 años278 visualizaciones
1 Respuesta
0
Respuesta aceptada

Hi Al,

If you start using SSO your existing integrations with IAM will not be impacted.

When you use SSO a new IdP(Identity provider) with the name format: "AWSSSO_e1234a56b0b90f8b_DO_NOT_DELETE" is created.

After this when you create permission sets and assign them to user, the roles corresponding to these permission sets are then created in IAM with the following name format:-
This role was created for the permission set name: AdministratorAccess= "AWSReservedSSO_AdministratorAccess_e12a34c56dfb478a"

These roles then have a trust relationship policy which trust the Identity provider created by SSO.

I hope this answers your query.

AWS
AWS-User-1257231
respondido hace 4 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante