Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Unable to use AD groups after enabling Configurable AD Sync in SSO

0

We are using AWS SSO with AWS Managed Microsoft AD as source for quite some time. There was a notification toe enable "Configurable AD Sync" and we enabled it today. Per the information on the AD Sync page, all the existing user and group assignment should not be affected after the change.

We see the permissions assigned to individual users are unaffected. But the permission sets assigned to the AD groups are no longer working. When I try to change the permission set of an AD group, I get "Unexpected error Received a 404 status error: null".

Also, there are 15 groups shown in AWS SSO > Settings > Manage sync > Groups. But on the assign permission set page, there is only one group available. We are not sure if there is any step missing in this configuration. Could someone please point us towards the correct direction?

Topics
Security, Identity, & Compliance
Tags
AWS IAM Identity Center
Language
English
asked 4 years ago880 views
1 Answer
0
Accepted Answer

We created a support ticket with AWS and they informed us that the groups will not sync if the group description has any of these four special characters <>;:

After removing the special characters from our AD groups and waiting for the groups to sync, we are able to see the groups again in AWS SSO.

answered 3 years ago
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content