Create Groups with AWS Identity Centre and External IdP (Google workspace)
Hi,
We have AWS Identityr Centre configured with an external Idp (Google workspace). However, as documented the Groups are not automatically provisioned and needs to be manually created. However, when we try to create the group manually we get the following info and clicking "Create Group" button does nothing.
How can we have groups with external IdP configured? Do we have to manually create the groups before connecting an external IdP?
Your identity source is currently configured as 'External identity provider'. To add new groups or edit their memberships, you must do this using your external identity provider.
Thank you
- Newest
- Most votes
- Most comments
Previously the documentation used to say group provisions with Google isn’t supported. That was true when I last did this over a year ago.
However, there has been development and now Google can provision groups using SCIM. Please review latest documentation https://docs.aws.amazon.com/singlesignon/latest/userguide/gs-gwp.html
Relevant content
- asked 8 months ago
- asked 2 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 months ago
Under Step 8, looks like you can't create groups using the AWS Console once Identity Centre is connected to an external IdP. Creation of the groups can only be done via CLI or API.
Gary can you share more info on the latest development of group provisioning? The user doc you referred to still says: SCIM automatic synchronization from Google Workspace only supports provisioning users; groups aren't automatically provisioned.