Hi,
I'm trying to add a user or group from SSO to Grafana, but it ends with an error:
400
"Failed to associate identity 996707c13f-1af38066-6ab6-48bd-bbdf-35094dc7a3ef, type: SSO_USER with workspace SSO application"
I created a Grafana workspace with the "Service managed" option with the AWS IAM Identity Center authentication method.
SSO is deployed on a different account and AD Connector is used as a source. My user has full privileges and Grafana is able to list users and groups but cannot add the selected ones.
The only error I found in CloudTrail is:
(...)
"eventSource": "sso.amazonaws.com",
"eventName": "AssociateProfile",
"awsRegion": "eu-central-1",
"sourceIPAddress": "grafana.amazonaws.com",
"userAgent": "grafana.amazonaws.com",
"errorCode": "InvalidInputException",
"requestParameters": {
    "accessorId": "S-1-5-...",
    "accessorType": "USER",
    "directoryId": "d-xxxxx",
    "directoryType": "ADConnector",
    "instanceId": "ins-6a1...",
    "profileId": "p-bb..."
},
"responseElements": null,
"requestID": "ebd8b359-ce31-4996-812d-41cf8802852e",
"eventID": "790e94a8-b2e6-418a-a474-e086e84bf558",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "(...)",
"eventCategory": "Management",
"sessionCredentialFromConsole": "true"