By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can I change the password policy for the SSO identity store?

1

We just had a pen test completed and one of the items was our password policy. I was looking at changing it, and I found this page: https://docs.aws.amazon.com/singlesignon/latest/userguide/password-requirements.html. It describes the password policy for the SSO identity store (which we are using), but not how to change the policy. Is it possible to change a password policy for the SSO identity store?

Thanks!

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
AWS Identity and Access ManagementAWS Control Tower
Language
English
thedraketaylor
asked 2 years ago2495 views
1 Answer
1

Currently there is no way to change the password policy when using AWS SSO as your identity source. This limitation applies only to users created in the AWS SSO identity store. If you have configured an identity source other than AWS SSO for authentication, such as Active Directory or an external identity provider, the password policies for your users are defined and enforced in those systems, not in AWS SSO and can be customized within those systems.

The product team is aware of the feature request. If you happen to work with an account manager at AWS you can have them or the solutions architect add your customer influence to the existing request. Features are added and worked based on the amount of customer influence a feature has.

AWS
AWSJoe
answered 2 years ago
  • Matt
    a month ago

    Is this feature planned? PCI-DSS 4.0 (requirements 8.3.6 and 8.3.7) mandates 12 characters passwords, and that the last 4 passwords cannot be reused.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content