Policy for allowing SSO users to change only their own information?



I'm setting up SSO for my company and our accounts. I want users to be able to change their own information, credentials, access keys, MFA devices, and so on, without having to make them admins (and thus giving them too high privileges) and without having to rely on an admin to do it for them.

Is this possible? What would such an IAM policy look like?

Thank you for taking the time to read.

1 Answer

If you are setting up SSO, then there should not be any need. There will be no IAM Access keys to manage with SSO. The directory will not be part of IAM, their for there will be no IAM users.

If you are using Identity centre with inbuilt directory, then just enforce MFA for users. That is about it.

What SSO are you looking at?

profile picture
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions