
How To Handle Email Verification And Password Reset While Bulk Creating Identity Centers

0

Hi, I am bulk creating users within IAM Identity Center via a shell script. I am able to create and then add all users to a group with an application attached successfully; however, none of the users receive emails about their account creation or details on how to access it. It could be important to note that their email domain is different from the root domain of the AWS account.

I am wondering how we can modify either the way the user is being created, or followup commands we can make within CLI to accomplish this.

For context, I am currently creating each user like so:

    aws identitystore create-user \
      --identity-store-id "$IDENTITY_STORE_ID" \
      --user-name "$username" \
      --name "GivenName=$firstname,FamilyName=$lastname" \
      --display-name "$displayname" \
      --emails "Value=$email,Type=work,Primary=true"

I have also tried "updating" the user's email after they were created to trigger a notification, but I believe this failed as well because the original email wasn't verified...

At the end of the day, I'm just trying to avoid having to manually click 'Send Verification Email' and then 'Reset Password' literally 500 times.

2 Answers
0

Hi Ethan!

To automate email verification and password resets when bulk creating users in IAM Identity Center:

Email Verification: Currently, there's no direct AWS CLI command to send verification emails or reset passwords automatically during bulk user creation. However, after creating the users, you can use the AWS SDK (like Boto3 for Python) to programmatically trigger these actions.

Here's a high-level approach:

  • Create Users via CLI as you've been doing.
  • Use Boto3 to iterate through the users and call admin_create_user followed by admin_reset_user_password in the AWS SDK for Python.

Documentation: Detailed steps can be found in the AWS IAM Identity Center Documentation.

This will streamline the process and avoid manual intervention.

I hope this helps! 😁

answered a year ago
0

Please review this AWS documentation about enabling email invitation notifications for users created by API in Identity Center: https://docs.aws.amazon.com/singlesignon/latest/userguide/userswithoutpwd.html

That might require you to switch to using the API endpoint to programmatically create user profiles.

AWS
EXPERT
answered a year ago
