Hi,
I understand you are experiencing the error above when trying to register a new Grafana Workspace, and a network failure when trying to set up AWS SSO as the authentication method.
When you first enable AWS SSO, all the data that you configure in AWS SSO is stored in the Region where you configured it. This data includes directory configurations, permission sets, application instances, and user assignments to AWS account applications. If you are using the AWS SSO identity store, all users and groups that you create in AWS SSO are also stored in the same Region. It is recommended that you install AWS SSO in a Region that you intend to keep available for users, not a Region that you might need to disable. For more information about AWS SSO Region availability, see [1].
Please note that when using Amazon Managed Grafana and AWS SSO, users are redirected to their existing company directory to sign in with their existing credentials. When you create a workspace and choose to use AWS SSO for authentication, Amazon Managed Grafana activates AWS SSO in your account if you are not already using it. To use AWS SSO with Amazon Managed Grafana, you must also have AWS Organizations activated in your account. If you don't have it activated already, Amazon Managed Grafana activates it when it activates AWS SSO. If Amazon Managed Grafana enables Organizations, it also creates an organization for you.
AWS Organizations supports only one AWS Region at a time. To enable AWS SSO in a different Region, you must first delete your current AWS SSO configuration. Switching to a different Region also changes the URL for the user portal, and you must reconfigure all permission sets and assignments.
References:
[1] https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html
[2] Required permissions for scenarios using AWS SSO: https://docs.aws.amazon.com/grafana/latest/userguide/authentication-in-AMG-SSO.html
[3] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org.html
I hope the above information is helpful. Please feel free to reach out for any concerns.
Hi,
This issue might be fixed. Before the fix, I got a Network Failure error. Test done. It is possible to deploy an Amazon Managed Grafana workspace in US-EAST-1 with Identity Center configured in SA-EAST-1.