Role switch IAM Identity Center user

0

Hi,

Is it possible to let a user from IAM Identity Center get its role switched? How to set up the policy and permission? Any best practice? Thanks

2 Answers
1

We can make use of a Permission Set in IAM Identity Center. After the user logs in to IAM Identity Center, they can select the Permission Set (role) to use and can also switch to another Permission Set that is assigned to them. For more details, refer to: https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html

AWS
answered 2 years ago
EXPERT
reviewed 6 months ago
0

Hi Ronald,

Thanks for the answer. Is there any possibility to use an inline policy to switch the role for an IAM Identity Center user? I didn't see that there is any ARN for an IAM Identity Center user.

What I know is that an IAM user can assume a role if needed. Ref.: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html

answered 2 years ago
  • To Ronald's point, when you access a permission set in IAM Identity Center, you are effectively switching roles into an AWS account. Maybe you could explain a little more about what you are trying to accomplish by switching roles after authenticating to IAM Identity Center instead of using a permission set?

  • Identity Center users are only users in the context of Identity Center. They don't have ARNs. When you log into Identity Center and assume a permission set, you're assuming a role and the Identity Center username is used as the role session name.

    Consider user John Doe with username john.doe@example[.]com. If they were to access an AdministratorAccess permission set for account 111122223333, the principal ARN would be something like: arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_AdministratorAccess_XXXXXXXXXXXXX/john.doe@example[.]com. You could use that ARN in your policies.
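
The following Python example is added here and is not part of the original thread or AWS's own code. It parses the session ARN shape described in the comments above to recover the permission set and Identity Center username, and builds a role trust policy that names that ARN as the principal. The function names, the choice of a trust policy as the place to use the ARN, and the sample ARN (with the address written without brackets) are assumptions.

```python
import json
import re

# arn:<partition>:sts::<account>:assumed-role/<role name>/<session name>
_SESSION_ARN = re.compile(
    r"^arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([\w+=,.@-]+)/([\w+=,.@-]+)$"
)
_SSO_PREFIX = "AWSReservedSSO_"


def parse_sso_session_arn(arn):
    """Split an Identity Center session ARN into its parts, or return None."""
    m = _SESSION_ARN.match(arn)
    if not m or not m.group(3).startswith(_SSO_PREFIX):
        return None  # not an assumed-role ARN, or not a permission-set role
    partition, account, role_name, session = m.groups()
    # Permission set names may contain "_", so split the suffix off the right.
    name, sep, suffix = role_name[len(_SSO_PREFIX):].rpartition("_")
    if not sep or not name:
        return None
    return {"partition": partition, "account": account, "role_name": role_name,
            "permission_set": name, "suffix": suffix, "username": session}


def trust_policy_for(arn):
    """Trust policy letting exactly this Identity Center session assume a role."""
    if parse_sso_session_arn(arn) is None:
        raise ValueError("not an IAM Identity Center session ARN: %r" % arn)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": arn},  # session ARN: one user, one permission set
            "Action": "sts:AssumeRole",
        }],
    }


if __name__ == "__main__":
    # Constructed sample, following the ARN shape given in the thread.
    sample = ("arn:aws:sts::111122223333:assumed-role/"
              "AWSReservedSSO_AdministratorAccess_XXXXXXXXXXXXX/john.doe@example.com")
    print(parse_sso_session_arn(sample))
    print(json.dumps(trust_policy_for(sample), indent=2))
```

Because the principal includes the session name, the resulting policy matches only that username under that one permission set; a different permission set for the same user produces a different ARN.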
