Are sso-directory role permissions used for anything still?

0

Are "sso-directory" role permissions used for anything still? From what I see the Identity Store has taken over the SSO directory's role and there are separate "identitystore" role permissions. Are they roughly equivalent?

1 Answer
0

sso-directory is the services prefix for the AWS IAM identity Center directory (successor to AWS Single Sign-On directory or AWS SSO directory) , while identitystore is the services prefix for the AWS Identity Store (legacy term: AWS SSO store or AWS SSO identity store).

So both exist, but are used for different things.

To give an example:

  • identitystore:CreateGroup would grant permission to create a group in the specified IdentityStore
  • sso-directory:CreateGroup would grant permission to create a group in the directory that AWS IAM Identity Center provides by default
AWS
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions