AWS SSO Google Workspace IDP SCIM

1

Hi all!
I've been able to configure AWS SSO to work with Google Workspace as its identity provider using this guide - https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/.
I saw that Google isn't a fully supported external identity provider, meaning that it doesn't support automatic provisioning of users/groups from Google Workspace into AWS SSO.

  1. When will the automatic provisioning feature be available for Google Workspace?
  2. In the meantime, what alternatives are there for this feature? I came across and checked this project https://github.com/awslabs/ssosync; however, it is no longer available or supported.

Any help will be much appreciated :)
Dave

  • Hi Dave, I understand your frustration; I went through the same thing contributing to the awslabs/ssosync project. That is why I built this other one https://github.com/slashdevops/idp-scim-sync from scratch; maybe it works for your requirements until AWS has a new, better solution.

Dave
asked 2 years ago, 4094 views
3 Answers
1

Right now that SSO Sync on GitHub is the best option if you want to automatically synchronize groups from your Google Workspace to AWS SSO.

We also have a workshop that demonstrates how SSO Sync can be used to set up integration between AWS SSO and Google Workspace.

AWS EXPERT
Toni_S
answered 2 years ago
  • I have tried deploying the SSO Sync GitHub project; however, it seems that this is a dead project for a few reasons.

    1. The last commit was a year ago.
    2. The README link to "AWS Serverless Application Repository" that supposedly enables the deployment of SSO Sync doesn't work. There's actually an open issue that many people aren't able to access it and the reason seems to be that the related account was deleted.
    3. Following the manual instructions just doesn't work, there are multiple bugs.

    From the workshop link you provided it's also stated in the intro that - "AWS Single Sign-On (SSO) currently does not support Google Workspace as an identity provider for automatic provisioning of users and groups, or the ssosync application, available on the AWS Serverless Application Repository."

1

I can't offer any help at the moment, but I can report that I have the same issue. User provisioning is working, but I can't get Group mapping to work. Given that there is no manual workaround...

...it's a minor scandal that this does not appear to be documented.

answered 9 months ago
  • I have the same issue. It's odd that everything else works except for groups. And if I attempt to create a group in IAM, I cannot because I'm synchronizing from Google Workspace.

1

Hi guys. Maybe there is some news about Google + AWS SSO integrations.

Google and Amazon announce a new feature - automatic provisioning:

I've tested it and, yes, it works. Thanks a lot for this feature!!! But group mapping between Google and AWS still doesn't work. In the Google SAML attribute mapping there is a setting "Group membership (optional)" where I can choose my Google groups, but I can't understand what attributes I need to put into the "App attribute" field in order to have a mapping between groups in Google and AWS. I read a bunch of documents, tried different mapping options observing all possible attribute parameters in the SAML data schema and SCIM settings, tried creating custom attributes on the AWS and Google side, but none of the options works. Does it actually work?

Alex
answered 10 months ago
