By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Policy for allowing SSO users to change only their own information?

0

Hello,

I'm setting up SSO for my company and our accounts. I want users to be able to change their own information, credentials, access keys, MFA devices, and so on, without having to make them admins (and thus giving them too high privileges) and without having to rely on an admin to do it for them.

Is this possible? What would such an IAM policy look like?

Thank you for taking the time to read.

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Security, Identity, & ComplianceAWS IAM Identity CenterAWS Account ManagementIAM Policies
Language
English
rePost-User-3115414
asked a year ago224 views
1 Answer
0

If you are setting up SSO, then there should not be any need. There will be no IAM Access keys to manage with SSO. The directory will not be part of IAM, their for there will be no IAM users.

If you are using Identity centre with inbuilt directory, then just enforce MFA for users. That is about it.

What SSO are you looking at?

profile picture
EXPERT
Gary Mclean
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content