Will AWS SSO conflict with IAM ID provider?
Hi -
I already have a few AWS accounts that use IAM and a SAML identity provider (Azure AD). I'd like to start implementing AWS SSO, but I want to make sure that it will not conflict with my existing integrations with IAM and federations. Can anyone comment on that?
Thanks
Al
Hi Al,
If you start using SSO your existing integrations with IAM will not be impacted.
When you use SSO, a new IdP (identity provider) with the name format "AWSSSO_e1234a56b0b90f8b_DO_NOT_DELETE" is created.
After this, when you create permission sets and assign them to a user, the roles corresponding to these permission sets are then created in IAM with the following name format:
This role was created for the permission set named AdministratorAccess: "AWSReservedSSO_AdministratorAccess_e12a34c56dfb478a"
These roles then have a trust relationship policy which trusts the identity provider created by SSO.
I hope this answers your query.
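
The separation described in the answer can be checked from an account's role list. The following is an added example, not part of the original answer and not AWS tooling: it classifies roles by the two name formats quoted above and reports any role whose trust policy points at the other federation's provider. The account ID and the `AzureAD` / `AzureAD-Admins` names are constructed sample values, and the input is assumed to be shaped like IAM ListRoles entries with the trust policy already decoded to a dict.

```python
import re

SSO_PROVIDER = re.compile(r"^AWSSSO_[0-9a-f]+_DO_NOT_DELETE$")  # format from the answer
SSO_ROLE = re.compile(r"^AWSReservedSSO_.+_[0-9a-f]+$")         # format from the answer

def federated_providers(trust_policy):
    """Return the names of all SAML providers a trust policy federates with."""
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be unwrapped
        statements = [statements]
    names = []
    for stmt in statements:
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):   # e.g. "Principal": "*"
            continue
        fed = principal.get("Federated", [])
        for arn in [fed] if isinstance(fed, str) else fed:
            names.append(arn.rsplit("/", 1)[-1])
    return names

def audit(roles):
    """Return ({role: (owner, providers)}, [roles trusting the other side's IdP])."""
    report, crossed = {}, []
    for role in roles:
        name = role["RoleName"]
        providers = federated_providers(role["AssumeRolePolicyDocument"])
        is_sso_role = bool(SSO_ROLE.match(name))
        report[name] = ("sso" if is_sso_role else "existing", providers)
        # Cross-wired: an SSO role trusting a non-SSO provider, or the reverse.
        if any(bool(SSO_PROVIDER.match(p)) != is_sso_role for p in providers):
            crossed.append(name)
    return report, crossed

ACCOUNT = "111122223333"  # constructed sample account ID

def trust(provider):  # builds a constructed SAML trust policy for the provider
    arn = f"arn:aws:iam::{ACCOUNT}:saml-provider/{provider}"
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": arn},
        "Action": "sts:AssumeRoleWithSAML"}]}

SAMPLE_ROLES = [  # constructed; the AzureAD names are hypothetical
    {"RoleName": "AzureAD-Admins", "AssumeRolePolicyDocument": trust("AzureAD")},
    {"RoleName": "AWSReservedSSO_AdministratorAccess_e12a34c56dfb478a",
     "AssumeRolePolicyDocument": trust("AWSSSO_e1234a56b0b90f8b_DO_NOT_DELETE")},
]

if __name__ == "__main__":
    report, crossed = audit(SAMPLE_ROLES)
    for name, (owner, providers) in report.items():
        print(f"{owner:8} {name} -> {providers}")
    print("cross-wired roles:", crossed or "none")
```

An empty cross-wired list means the existing SAML roles and the SSO-created roles each trust only their own provider.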