SSO with Managed AD as idp - 403 forbidden

Hi,

I've connected the SSO idp to the Managed Active Directory with AD Connector as proxy between SSO and Active Directory.

User and groups are sync correctly I can loggin to the SSO I can attach permission set to account

After logging to the SSO when I click on the account to assume the role I got a 403 error {"message":"No access","__type":"com.amazonaws.switchboard.portal#ForbiddenException"}

I don't know where to search to solve this issue.

Can you please help me ?

Regards

주제

보안, 신원 및 규정 준수 관리 및 거버넌스

태그

AWS 자격 증명 및 액세스 관리 AWS 디렉터리 서비스 AWS IAM 자격 증명 센터 AWS 계정 관리

언어

English

FabienG

질문됨 일 년 전399회 조회

2개 답변

최신
최다 투표
가장 많은 댓글

수락된 답변

HI,

Solved, the issue was a mapping problem between AWS Managed AD and SSO. The SSO user primary-email field was empty.

We change the mapping, everything works well

Regards

FabienG

답변함 일 년 전

Kisshore Gunasekaran
일 년 전
Hi @fabieng, can you please share the attribute mapping configured on the SSO.

I recommend you review the metadata issued and supported by AWS SSO. Then check the attribute mapping making sure the format is set to "transient"

Gera

답변함 일 년 전

SSO with Managed AD as idp - 403 forbidden

관련 콘텐츠