
Google SSO with AWS IAM Identity Center fails

0

Hi,

I've followed this (https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/) instruction to get Google SSO working for AWS and eventually want to turn on auto provisioning of accounts; however, I'm unable to log in and get an error (it may be a bug?) that says: "Something went wrong, looks like this code isn't right. Please try again."

Any help is appreciated, as our organization isn't able to log in.

  • Please accept the answer if it was useful for you

4 answers
4

Hi, I had the same problem after following the same blog post. It turns out that you have to use the email address as the username of the user when you are creating it! Hope it fixes your issue.

answered 3 years ago
2

You can use a root IAM user to log in to the account and check the SSO user/group lists. I assume that the lists are empty and AWS does not know anything about your users in Google.

You need to make sure that Google supports Cross-domain Identity Management (SCIM) for auto-provisioning. A couple of years ago it did not, so we had to replicate users from Google to AWS SSO manually.

EXPERT
answered 3 years ago
EXPERT
reviewed 2 years ago
  • Hello here.

    "A couple of years ago it did not, so we had to replicate users from Google to AWS SSO manually." Can you explain this in detail, please? I have an issue where new users from Google Workspace don't appear in Identity Center anymore.

1

This article https://docs.aws.amazon.com/singlesignon/latest/userguide/troubleshooting.html really helped me. The section containing "An Unexpected Error Occurred" includes a list of things to check.

I had the ID format wrong and the Start URL should be left blank.

answered 2 years ago
0

Identity Center doesn't work well with Google as an Identity Provider, because Google doesn't have a SCIM server. So checking that the user actually exists is a good first step.

If the user logging into Identity Center exists in the Identity Center user directory, I would look at the SAML assertion Google is sending. Make sure the NameID value of the SAML assertion sent by Google matches the username value of a user populated in Identity Center.

If the NameID value does match a user in Identity Center, I suggest opening a support ticket because there are a few things that could go wrong. But the NameID value not matching a user is the most common issue.

AWS
answered 3 years ago
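A small diagnostic that follows the advice in the answers above (compare the SAML assertion's NameID with the Identity Center usernames). This is an added example, not code from the thread or from AWS: the SAML response and the username list are constructed samples, and the expected emailAddress NameID format is an assumption taken from the AWS troubleshooting checklist linked earlier.

```python
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 responses and assertions.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Assumption: Identity Center expects this NameID Format (see the AWS troubleshooting page).
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a stripped-down SAML Response like the one the IdP posts to
# the Identity Center ACS URL. Only the fields relevant to the check are kept.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample of the Identity Center user directory (what the console or
# `aws identitystore list-users` would show). The NameID must match a username here.
IDENTITY_CENTER_USERNAMES = ["alice@example.com", "bob"]


def extract_name_id(saml_response_xml: str) -> tuple:
    """Return (NameID value, NameID Format) from a SAML Response; raise if absent."""
    root = ET.fromstring(saml_response_xml)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no NameID")
    return name_id.text.strip(), name_id.get("Format", "")


def check_name_id(saml_response_xml: str, usernames) -> dict:
    """Report whether the NameID would map to an Identity Center user, and why not."""
    value, fmt = extract_name_id(saml_response_xml)
    findings = []
    if fmt != EMAIL_FORMAT:
        findings.append(f"NameID Format is {fmt!r}; expected {EMAIL_FORMAT}")
    if value in usernames:
        match = "exact"
    elif value.lower() in {u.lower() for u in usernames}:
        match = "case-insensitive"
        findings.append("NameID matches a username only when ignoring case")
    else:
        match = "none"
        findings.append(f"no user has username {value!r}; create the user with the email address as username")
    return {"name_id": value, "format": fmt, "match": match, "findings": findings}
```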
