Migrate IAM Users to AWS SSO

1

Hello everyone, is there a way to migrate IAM users to AWS SSO, so I don't have to re-enter the users again? I know I can list my users with the following command: aws organizations list-accounts

Cheers Edu

asked 2 years ago, 2757 views
1 Answer
1

It's not an easy task. You need to have a plan, because it involves not just copying and pasting the usernames but also the permission configuration in your account (otherwise, you'll just create a bunch of users without any permissions).

  1. First, you need to gather the list of IAM users and categorise them into groups according to their permission level.
  2. For every permission level, you need to create a permission set.
  3. Create SSO users. (Note that the information required is more than for IAM users: you'll need the users' email addresses, so you can't simply copy the IAM usernames here.)
  4. Create groups and add the SSO users to them by the permission category you defined earlier.
  5. Assign permission sets to the different groups.

Migrating to AWS SSO is not just a technical task but also an opportunity to review the access management of your organisation.

answered 2 years ago
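The five steps of the answer above as an offline planning pass, added here as an example and not part of the original answer: it groups IAM users by their effective managed-policy set, proposes one permission set and one group per level, and lists the users that cannot be migrated as-is. The user records, email map and the `level-NN` / `grp-level-NN` names are constructed assumptions, and nothing here calls AWS.

```python
from collections import defaultdict

# Constructed sample data (not from the original post). Each record is the
# shape you might assemble from an IAM export: managed policies attached
# directly, managed policies inherited from IAM groups, inline policy names.
IAM_USERS = [
    {"name": "alice", "attached": ["AdministratorAccess"], "from_groups": [], "inline": []},
    {"name": "bob", "attached": [], "from_groups": ["ReadOnlyAccess"], "inline": []},
    {"name": "carol", "attached": ["ReadOnlyAccess"], "from_groups": [], "inline": []},
    {"name": "dave", "attached": ["ReadOnlyAccess"], "from_groups": [], "inline": ["s3-tmp"]},
    {"name": "erin", "attached": [], "from_groups": [], "inline": []},
]
# IAM users carry no email address, so it has to come from another source.
EMAILS = {"alice": "alice@example.com", "bob": "bob@example.com", "dave": "dave@example.com"}


def build_plan(users, emails):
    """Group users by effective managed-policy set (steps 1, 2, 4, 5) and
    list the users that cannot be created or mapped automatically (step 3)."""
    levels = defaultdict(list)
    plan = {"levels": [], "missing_email": [], "no_permissions": [], "inline_review": []}
    for u in sorted(users, key=lambda u: u["name"]):
        policies = frozenset(u["attached"]) | frozenset(u["from_groups"])
        if u["inline"]:
            plan["inline_review"].append(u["name"])  # inline policy needs manual mapping
        if not policies:
            if not u["inline"]:
                plan["no_permissions"].append(u["name"])  # would migrate with no access
            continue
        if u["name"] not in emails:
            plan["missing_email"].append(u["name"])  # cannot create the SSO user yet
        levels[policies].append(u["name"])
    # Deterministic numbering: order permission levels by their policy names.
    for n, policies in enumerate(sorted(levels, key=sorted), start=1):
        plan["levels"].append({
            "permission_set": f"level-{n:02d}",  # hypothetical naming scheme
            "group": f"grp-level-{n:02d}",       # hypothetical naming scheme
            "managed_policies": sorted(policies),
            "members": levels[policies],
        })
    return plan


if __name__ == "__main__":
    import json
    print(json.dumps(build_plan(IAM_USERS, EMAILS), indent=2))
```

Users listed under `inline_review` are still placed in a level by their managed policies, so their inline permissions are lost unless the permission set is extended by hand.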
