By using AWS re:Post, you agree to the Terms of Use
/Unable to use AD groups after enabling Configurable AD Sync in SSO/

Unable to use AD groups after enabling Configurable AD Sync in SSO


We are using AWS SSO with AWS Managed Microsoft AD as source for quite some time. There was a notification toe enable "Configurable AD Sync" and we enabled it today. Per the information on the AD Sync page, all the existing user and group assignment should not be affected after the change.

We see the permissions assigned to individual users are unaffected. But the permission sets assigned to the AD groups are no longer working. When I try to change the permission set of an AD group, I get "Unexpected error Received a 404 status error: null".

Also, there are 15 groups shown in AWS SSO > Settings > Manage sync > Groups. But on the assign permission set page, there is only one group available. We are not sure if there is any step missing in this configuration. Could someone please point us towards the correct direction?

1 Answers
Accepted Answer

We created a support ticket with AWS and they informed us that the groups will not sync if the group description has any of these four special characters <>;:

After removing the special characters from our AD groups and waiting for the groups to sync, we are able to see the groups again in AWS SSO.

answered 19 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions