When setting 'Display Name' while switching role, what you're actually doing is setting the value for 'RoleSessionName'. When you assume a role through federation, this value is set for you by the federation broker.
E.g., in a traditional AD FS federation scenario, AD FS would set this for you via Claim Rules that your AD FS administrator would configure.
AWS SSO sets this value for 'RoleSessionName' and at this point in time, you cannot alter the value. The value is a combination of the name of the IAM Role being assumed, and the value of the email attribute of the directory user assuming the role.
Some suggestions on working around this would be to:
- Use the drop-down to the top-right of the Management Console (where you see the RoleSessionName) and you will see the Account Number. If you have the numbers & name combinations documented, then that could work.
- You could grant users very minor access to the Account Info page. Just enough to see the Account Name.
- Or as you mentioned, just simply have users check the account number of the account that they're in against the account number & account name that they can see in the AWS SSO 'My Apps' page.
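
The first workaround (keeping the account number and name combinations documented) can be automated. This is an added example, not part of the original answer or any AWS code: it parses an assumed-role ARN in the format returned in the `Arn` field of `aws sts get-caller-identity` and looks the account number up in a documented mapping. The account numbers, account names, role name and email address below are constructed sample values, and `describe_session` and `prompt_label` are hypothetical helper names.

```python
import re

# Constructed mapping: the "documented" account number -> account name pairs.
ACCOUNT_NAMES = {
    "111111111111": "sandbox",
    "222222222222": "production",
}

# STS assumed-role ARN layout:
#   arn:<partition>:sts::<account-id>:assumed-role/<role-name>/<RoleSessionName>
_ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):sts::(?P<account>\d{12}):"
    r"assumed-role/(?P<role>[^/]+)/(?P<session>[^/]+)$"
)


def describe_session(arn, account_names=ACCOUNT_NAMES):
    """Split an assumed-role ARN and attach the documented account name."""
    m = _ARN_RE.match(arn)
    if m is None:
        # IAM user ARNs, root ARNs and malformed strings end up here.
        raise ValueError(f"not an assumed-role ARN: {arn!r}")
    account = m.group("account")
    return {
        "account_id": account,
        # None means the account number is not in the documented mapping.
        "account_name": account_names.get(account),
        "role_name": m.group("role"),
        "role_session_name": m.group("session"),
    }


def prompt_label(arn, account_names=ACCOUNT_NAMES):
    """Build a one-line label that makes an undocumented account obvious."""
    info = describe_session(arn, account_names)
    name = info["account_name"] or "UNKNOWN-ACCOUNT"
    return f"{name} ({info['account_id']}) as {info['role_session_name']}"


if __name__ == "__main__":
    # Constructed sample ARN for an AWS SSO session.
    sample = ("arn:aws:sts::222222222222:assumed-role/"
              "AWSReservedSSO_ReadOnly_0123456789abcdef/jane@example.com")
    print(prompt_label(sample))
```

An account number missing from the mapping is labelled `UNKNOWN-ACCOUNT` rather than silently passed through, so the label fails visibly when the documentation is out of date.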
+1 on this please. It is a must-have for me as well.
+1 on this. It is very inconvenient to just force every user to check the account ID all the time, and unsafe to rely on it.