2 Answers
0
When you use permission sets, under the hood it creates roles in the accounts with a unique ID along with IdPs when you enable SSO.
- Have any of these roles been manually removed from the target accounts?
- Has the IdP in the target accounts that is used by Identity Center been removed?
0
Hi, this previous similar re:Post question had the same problem: https://repost.aws/questions/QU2cQ7kmJlRHae_TWzq5KzOg/giving-user-access-to-aws-console-via-identity-center
For them, the solution was:
After filling in the email address attribute for my AD User and allowing Identity Center to sync,
my user and test account were able to login successfully.
So is the email address attribute already entered in your case?
Hi Didier, thanks for your kind reply. I looked at the previous ticket, but I am not using SSO. I am using users created in AWS IAM Identity Center only. Should this be a different issue from the ticket you mentioned? Thanks again for your kind help.
Thanks Gary. This helped to solve my problem. I think I removed the role while doing spring-cleaning of my AWS Policies and Roles.
Thanks for the feedback. Glad to have helped.
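One way to run the two checks from the first answer against a target account, as an added example that is not part of the original thread. It assumes the naming IAM Identity Center uses for what it provisions (roles named `AWSReservedSSO_<PermissionSet>_<suffix>` under the `/aws-reserved/sso.amazonaws.com/` path, and a SAML provider named `AWSSSO_<id>_DO_NOT_DELETE`); the function name, the account ID and the sample JSON are constructed for illustration.

```python
import json
import re

# Assumed naming of the objects Identity Center provisions in member accounts.
SSO_PATH = "/aws-reserved/sso.amazonaws.com/"
ROLE_RE = re.compile(r"^AWSReservedSSO_(?P<pset>.+)_[0-9a-f]+$")
IDP_RE = re.compile(r":saml-provider/AWSSSO_[0-9A-Za-z]+_DO_NOT_DELETE$")


def audit_account(list_roles_json, list_saml_json, assigned_permission_sets):
    """Report what Identity Center expects in an account but is missing.

    list_roles_json: output of
        aws iam list-roles --path-prefix /aws-reserved/sso.amazonaws.com/
    list_saml_json: output of
        aws iam list-saml-providers
    assigned_permission_sets: permission set names assigned to this account
        (hypothetical input, taken from the Identity Center console).
    """
    present = set()
    for role in json.loads(list_roles_json).get("Roles", []):
        match = ROLE_RE.match(role["RoleName"])
        # A look-alike role outside the reserved path does not count.
        if match and role.get("Path", "").startswith(SSO_PATH):
            present.add(match.group("pset"))

    providers = json.loads(list_saml_json).get("SAMLProviderList", [])
    idp_present = any(IDP_RE.search(p["Arn"]) for p in providers)

    return {
        "missing_roles": sorted(set(assigned_permission_sets) - present),
        "idp_present": idp_present,
    }


# Constructed sample CLI output: one provisioned role, one look-alike at "/".
SAMPLE_ROLES = json.dumps({"Roles": [
    {"RoleName": "AWSReservedSSO_ReadOnlyAccess_0123456789abcdef",
     "Path": "/aws-reserved/sso.amazonaws.com/eu-west-1/"},
    {"RoleName": "AWSReservedSSO_Billing_0123456789abcdef", "Path": "/"},
]})
SAMPLE_IDPS = json.dumps({"SAMLProviderList": [
    {"Arn": "arn:aws:iam::111122223333:saml-provider/"
            "AWSSSO_0123456789abcdef_DO_NOT_DELETE"},
]})

if __name__ == "__main__":
    wanted = ["ReadOnlyAccess", "AdministratorAccess", "Billing"]
    print(audit_account(SAMPLE_ROLES, SAMPLE_IDPS, wanted))
```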