Policy for allowing SSO users to change only their own information?

Hello,

I'm setting up SSO for my company and our accounts. I want users to be able to change their own information, credentials, access keys, MFA devices, and so on, without having to make them admins (and thus giving them too high privileges) and without having to rely on an admin to do it for them.

Is this possible? What would such an IAM policy look like?

Thank you for taking the time to read.

주제

보안, 신원 및 규정 준수 관리 및 거버넌스

태그

보안, 신원 및 규정 준수 AWS IAM 자격 증명 센터 AWS 계정 관리 IAM 정책

언어

English

rePost-User-3115414

질문됨 일 년 전232회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

If you are setting up SSO, then there should not be any need. There will be no IAM Access keys to manage with SSO. The directory will not be part of IAM, their for there will be no IAM users.

If you are using Identity centre with inbuilt directory, then just enforce MFA for users. That is about it.

What SSO are you looking at?

전문가

Gary Mclean

답변함 일 년 전

Policy for allowing SSO users to change only their own information?

관련 콘텐츠