Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

How to limit access to specific Identity Center groups?

0

I have multiple groups in my default Identity Center directory. I want members of a specific group manage users of other groups except a couple of administrator-managed groups. Simple use case is to "Allow team leaders manage limited number of teams by adding/removing users" sso-directory does not support (have) any ARNs and does not have any specific Conditions. Global conditions does not allow to filter by resource ARN or, in my case, group_id. Tags cannot be added to Identity Center groups to allow for aws:ResourceTag/... filtering.

Are there any feasible way to resolve my use-case?

Argomenti
Sicurezza, identità e conformitàGestione e amministrazione
Tag
Sicurezza, identità e conformitàGestione identità e accesso AWSGestore account AWS
Lingua
English
Maksym
posta un mese fa161 visualizzazioni
1 Risposta
0
Risposta accettata

Hello.

As stated in the document below, there are no condition keys, so I don't think it is currently possible to manage only specific groups.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiamidentitycentersuccessortoawssinglesign-ondirectory.html

profile picture
ESPERTO
Riku_Kobayashi
con risposta un mese fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente