By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS SSO Issue with Office 365

0

Hello,

Heres our setup. AWS SSO configured with office 365. No AD/on prem solution. Pure cloud.
I have configured Office 365 as per AWS configuration instruction(after you create the office 365 app in AWS SSO)

Issue -1

1/ User starts with https://ourdomain.awsapps.com/start
2/ User signs in with their AWS SSO credentials.
3/ Clicks on office 365 apps icon.
4/ Gets the error "AADSTS51004: The user account T23/ImJYakmyYc7bbVJWsw== does not exist in the b450a30a-23d0-4cb5-9105-e3b4f5ef1493 directory. To sign into this application, the account must be added to the directory."

Issue -2

1/ User starts with https://portal.office.com
2/ Enters the username.
3/ Goes to AWS for authentication.
4/ Goes back to portal.office.com page.
5/ Looks between #3 and #4.

The user is present in both office 365 and AWS SSO. Both have same user name. I don't see any ImmutableId for the user in office 365.

Appreciate any help.

Thank you

Topics
Security, Identity, & Compliance
Tags
AWS IAM Identity Center
Language
English
Cosycactus
asked 5 years ago862 views
1 Answer
0

Closing the loop here, I hope this helps anyone who may be in similar situation.

1/ We have to configure Immutable ID on both side - AWS as well as O365. This is not auto generated hence this needs to be done manually.

2/ On the AWS SSO O365 App, select the Attribute mappings tab and change mapping of the Subject attribute from ${user:ad_guid} to ${user:adImmutableId. This was provided by AWS Support.

Making these changes should make O365 work with AWS SSO.

Cosycactus
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content