Password reset using AWS SSO with external identity provider (AD)

0

Hello everyone,

My organization uses AWS SSO with on-premises Active Directory as an external identity source. In detail, there is an AWS Managed AD in a TWO-WAY TRUST with the on-premises AD. All users reside in the on-premises AD; the one on the AWS side is just a bridge. The on-premises AD, for security reasons, imposes a password reset on users every 3 months, and consequently the users are repeatedly cut off from AWS. This happens because the AWS SSO console does not allow password reset with external identity sources and returns a generic error. Has anyone managed to find a solution/workaround for resetting the password via SSO with an external identity source? I've been looking for a solution to this problem for some time to no avail.

Thank you

1 answer
0

I am not exactly sure how AWS IAM Identity Center (previously called AWS SSO) is configured to connect with your on-premises AD. No password information is synchronized to IAM Identity Center; only the user, group, and membership information is synchronized to IAM Identity Center.

=== Extracted from the IAM Identity Center documentation ===

IAM Identity Center uses the connection provided by the AWS Directory Service to synchronize user, group, and membership information from your source directory in Active Directory to the IAM Identity Center identity store. No password information is synchronized to IAM Identity Center, since user authentication takes place directly from the source directory in Active Directory.

AWS
answered a year ago
  • That's right Ronald, and thanks for the feedback. The point is exactly that: to implement a password reset mechanism that interacts with Active Directory (if possible). Currently, every 3 months a user must contact the supplier who manages the AD to request a password change.

  • You can search for Self-Service Password Reset for Active Directory. There are a number of software/tools available.

  • Thanks for the feedback Ronald. I am aware of this software; the idea was not to use third-party software but to make it possible for users to carry out the procedure via the SSO page. Apparently I do not believe there is an alternative.
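Since IAM Identity Center only mirrors users, groups and memberships and authentication happens against the source AD, the expiry that locks people out of AWS can only be seen (and acted on) in the on-premises domain. The script below is an added example, not from the original post or from AWS; it lists accounts whose domain password expires within a warning window so an administrator can prompt a reset before the SSO login starts failing. It assumes the RSAT ActiveDirectory module and an account that can read user attributes; the OU path and threshold are placeholders.

```powershell
# Added example: report on-premises AD accounts whose password expires soon.
# Assumes the ActiveDirectory RSAT module; OU and threshold are placeholders.
Import-Module ActiveDirectory

$SearchBase = 'OU=SSOUsers,DC=example,DC=com'   # placeholder OU synced to IAM Identity Center
$WarnDays   = 14                                 # warn this many days before expiry
$Now        = Get-Date

# msDS-UserPasswordExpiryTimeComputed is a constructed attribute that already
# reflects the effective policy (default domain policy or any fine-grained PSO),
# so it is more reliable than computing from pwdLastSet by hand.
$users = Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $false } `
    -SearchBase $SearchBase `
    -Properties DisplayName, mail, 'msDS-UserPasswordExpiryTimeComputed'

$expiring = foreach ($u in $users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'
    # 0 or Int64.MaxValue means "no expiry" for this account; skip those
    if (-not $raw -or $raw -eq [Int64]::MaxValue) { continue }

    $expiresOn = [DateTime]::FromFileTime($raw)
    $daysLeft  = [math]::Floor(($expiresOn - $Now).TotalDays)

    if ($daysLeft -le $WarnDays) {
        [PSCustomObject]@{
            SamAccountName = $u.SamAccountName
            DisplayName    = $u.DisplayName
            Mail           = $u.mail
            ExpiresOn      = $expiresOn
            DaysLeft       = $daysLeft   # negative means already expired (SSO login will fail)
        }
    }
}

# Accounts already past expiry sort first; hand this list to the AD supplier
# or feed it into a notification job before users are cut off from AWS.
$expiring | Sort-Object DaysLeft | Format-Table -AutoSize
```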
