Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

IAM Identity Center - "message":"No access" with users from Active Directory

0

I'm getting a "no access" response when I try to access to an account using SSO portal. I've configured AD directory with AD Connector and synced groups. I can login in web and aws cli, see the configured accounts and permissions sets but when I try to access I'm always getting this response:

'{"message":"No access","__type":"com.amazonaws.switchboard.portal#ForbiddenException"}'

Same response from web and aws cli. I tried to roll back to Identity Center directory (local users and groups) and with local users it's working fine. Only fails with AD users. I've checked SSO roles and identity providers are correctly created on every managed account.

Any idea about what is happening?

Thanks and regards, Guillem

Argomenti
Sicurezza, identità e conformità
Tag
Gestione identità e accesso AWSAWS Directory ServiceCentro identità AWS IAM
Lingua
English
rePost-User-3199548
posta un anno fa1100 visualizzazioni
1 Risposta
1
Risposta accettata

SOLVED. As commented in https://repost.aws/questions/QUAqB5ERupRE2GY9RcUSA2zQ/problem-with-sso, a mail attribute it's needed for SAML assertions. In my case, mail was empty in our AD. I've mapped userPrincipalName to emails[?primary].value and then it worked.

rePost-User-3199548
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente