En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

IAM Identity Center - "message":"No access" with users from Active Directory

0

I'm getting a "no access" response when I try to access to an account using SSO portal. I've configured AD directory with AD Connector and synced groups. I can login in web and aws cli, see the configured accounts and permissions sets but when I try to access I'm always getting this response:

'{"message":"No access","__type":"com.amazonaws.switchboard.portal#ForbiddenException"}'

Same response from web and aws cli. I tried to roll back to Identity Center directory (local users and groups) and with local users it's working fine. Only fails with AD users. I've checked SSO roles and identity providers are correctly created on every managed account.

Any idea about what is happening?

Thanks and regards, Guillem

Sujets
Sécurité, identité et conformité
Balises
Gestion des identités et des accès AWSService de répertoire AWSCentre d’identité IAM AWS
Langue
English
rePost-User-3199548
demandé il y a un an1100 vues
1 réponse
1
Réponse acceptée

SOLVED. As commented in https://repost.aws/questions/QUAqB5ERupRE2GY9RcUSA2zQ/problem-with-sso, a mail attribute it's needed for SAML assertions. In my case, mail was empty in our AD. I've mapped userPrincipalName to emails[?primary].value and then it worked.

rePost-User-3199548
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents