So, I have found the solution. In the authentication settings within IAM Identity Center, there was a policy blocking users, even new ones, from logging in when they had not configured MFA. Disable that. Please set as in the image.
Hello.
As described in the following document, this error occurs if there is a time synchronization issue on your PC.
Also, in my experience, browser extensions have sometimes caused problems, so try signing in using your browser's incognito mode, switching browsers, or using a different PC.
Also, if you are using an external IdP as your IAM Identity Center IdP, you will need to ensure that the IdP certificate is the same as the one provided by your IdP.
https://docs.aws.amazon.com/singlesignon/latest/userguide/troubleshooting.html#issue14
I get an 'It's not you, it is us' error when attempting to sign in to IAM Identity Center
This error indicates there is a setup problem with your instance of IAM Identity Center or the external identity provider (IdP) IAM Identity Center is using as its identity source. We recommend you verify the following:
Verify the date and time settings on the device you are using to sign in. We recommend that you set the date and time to be set automatically. If that is not available, we recommend syncing your date and time to a known Network Time Protocol (NTP) server.
Verify that the IdP certificate uploaded to IAM Identity Center is the same as what was provided by your IdP. You can check the certificate from the IAM Identity Center console by navigating to Settings. In the Identity Source tab choose Action and then choose Manage Authentication. If the IdP and IAM Identity Center certificates do not match, import a new certificate to IAM Identity Center.
Ensure the NameID format in your identity provider's metadata file is the following:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
If you are using AD Connector from AWS Directory Service as your identity provider, verify that the credentials for the service account are correct and have not expired. See Update your AD Connector service account credentials in AWS Directory Service for more information.
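The certificate and NameID checks from the quoted troubleshooting steps, as an added example written for this page (it is not AWS code or tooling): it parses an IdP's SAML metadata file with the Python standard library, computes the SHA-256 fingerprint of each signing certificate, compares it with the fingerprint of the certificate you have uploaded to IAM Identity Center (assumed to be supplied by you, for example from `openssl x509 -noout -fingerprint -sha256 -in cert.pem`), and confirms the metadata advertises the emailAddress NameID format. The metadata document and the certificate bytes inside it are constructed placeholders, not a real certificate or a real IdP.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REQUIRED_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: these are placeholder bytes, NOT a real X.509 DER certificate.
# Only the metadata structure matters for the parsing and fingerprint logic below.
FAKE_CERT_DER = b"constructed-placeholder-certificate-bytes-not-a-real-x509-der"
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(FAKE_CERT_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256 fingerprint, the form openssl prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def signing_cert_fingerprints(metadata_xml: str) -> list:
    """Fingerprints of every certificate the IdP may use to sign assertions.

    KeyDescriptor without a 'use' attribute may be used for both signing and
    encryption, so it is included; 'encryption'-only keys are skipped because
    Identity Center does not verify assertion signatures with them.
    """
    root = ET.fromstring(metadata_xml)
    fingerprints = []
    for key_desc in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if key_desc.get("use") not in (None, "signing"):
            continue
        for cert in key_desc.iterfind(".//ds:X509Certificate", NS):
            # Base64 in metadata is usually wrapped across lines; strip all whitespace.
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(sha256_fingerprint(der))
    return fingerprints


def nameid_formats(metadata_xml: str) -> list:
    root = ET.fromstring(metadata_xml)
    return [(e.text or "").strip()
            for e in root.iterfind(".//md:IDPSSODescriptor/md:NameIDFormat", NS)]


def check_idp_metadata(metadata_xml: str, uploaded_cert_fingerprint: str) -> dict:
    """Compare the IdP metadata against what Identity Center has been configured with.

    uploaded_cert_fingerprint is assumed to be the SHA-256 fingerprint of the
    certificate currently imported into IAM Identity Center (colons optional).
    """
    fingerprints = signing_cert_fingerprints(metadata_xml)
    formats = nameid_formats(metadata_xml)
    wanted = uploaded_cert_fingerprint.replace(":", "").upper()
    return {
        "signing_fingerprints": fingerprints,
        "cert_matches_uploaded": any(fp.replace(":", "") == wanted for fp in fingerprints),
        "nameid_formats": formats,
        "emailaddress_nameid_present": REQUIRED_NAMEID_FORMAT in formats,
    }


if __name__ == "__main__":
    # Matching case: the uploaded certificate is the one in the metadata.
    ok = check_idp_metadata(SAMPLE_METADATA, sha256_fingerprint(FAKE_CERT_DER))
    # Mismatch case: Identity Center still holds a rotated-out certificate.
    stale = check_idp_metadata(SAMPLE_METADATA, "AA:" * 31 + "AA")
    for label, result in (("current cert", ok), ("stale cert", stale)):
        print(f"{label}: cert match={result['cert_matches_uploaded']}, "
              f"emailAddress NameID={result['emailaddress_nameid_present']}")
```

If `cert_matches_uploaded` is false the fix is the one in the quoted docs: import the certificate from the current metadata into Identity Center under Settings, Identity Source, Manage Authentication. A missing emailAddress NameIDFormat points at the IdP configuration rather than at Identity Center.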

Thank you for your answer. I just reproduced this in another organization and there were no problems. No IdP in place in either of them. I would also like to point out that there are other users already in IAM Identity Center which were created some time ago, and they also only belong to the same admin group. This is only happening with new users.