1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
SSO and IAM users can coexist. Nothing happens to your existing IAM users, groups, roles or policies when you provision SSO into your accounts.
SSO appears as a new identity provider in your IAM config and manages its own roles (permission sets) alongside your normal IAM roles. Users coming in via SSO roles can also assume other IAM roles (with the right permissions), though watch out for condition strings in policies as things like MFA constraints don't work for SSO users.
Overall AWS SSO is a benefit, but be prepared for a small learning curve and extra work on the governance side as AWS SSO is less mature than IAM and seems to be taking a while to catch up.
répondu il y a 4 ans
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 6 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans