Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

"It's not you, it's us" when accepting IAM Identity Center invitation

1

Hello, I was following the tutorial https://aws.amazon.com/getting-started/guides/setup-environment/module-two/ on creating IAM Identity center users. I started it yesterday, created a user, assigned a group, then I received email with invitation. When I clicked I was asked to choose MFA, which I didn't want yet, so I closed the browser tab. Today, I continued the tutorial with adding permission sets to that administrative user. But when I now open the invitation I get: "It's not you, it's us We couldn't complete your request right now, please try again later". Of course, later is no better. So maybe it's me, after all.

  1. How can I recover from that? Should I delete the user and create again?
  2. Is MFA mandatory for administrative users created that way? When the invitation was showing me the MFA options, it was stated that my AWS organization requires MFA. But it was me, who created that AWS organization, so I should be probably able to turn it off. The tutorial implies it's mandatory though.
Argomenti
Sicurezza, identità e conformitàGestione e amministrazione
Tag
Centro identità AWS IAMGestore account AWS
Lingua
English
Piotr
posta 2 mesi fa232 visualizzazioni
1 Risposta
1

Hello.

How can I recover from that? Should I delete the user and create again?

Yes, I think it would be easier to recreate it.

Is MFA mandatory for administrative users created that way? When the invitation was showing me the MFA options, it was stated that my AWS organization requires MFA. But it was me, who created that AWS organization, so I should be probably able to turn it off. The tutorial implies it's mandatory though.

I believe that IAM Identity center is set by default to require MFA to be registered at sign-in.
https://docs.aws.amazon.com/singlesignon/latest/userguide/how-to-configure-mfa-device-enforcement.html

If MFA is forced in IAM Identity center, I think the settings in the following document are related.
Please sign in as an administrator and check the settings in the document below.
https://docs.aws.amazon.com/singlesignon/latest/userguide/mfa-getting-started.html

a

It may be possible to resolve the issue by setting it to "Allow them to sign in".
b

profile picture
ESPERTO
Riku_Kobayashi
con risposta 2 mesi fa
profile picture
ESPERTO
Giovanni Lauria
verificato 2 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente