Identity Center not sending OTP emails to users created using the CreateUser API

1

https://docs.aws.amazon.com/singlesignon/latest/userguide/userswithoutpwd.html

According to this documentation, users created in the Identity Store using the CreateUser API should receive their password by email but it does not work. I don't receive any email (I tried several email addresses).

What I have done:

AWS Identity Center send OTP

asked 2 years ago · 290 views
2 Answers
0

Hello. I see that you have already checked your spam for the OTP. All emails sent by the IAM Identity Center service will come from either the address no-reply@signin.aws or no-reply@login.awsapps.com. Your mail system must be configured so that it accepts emails from these sender email addresses and does not handle them as junk or spam. Emails not being delivered can have various root causes. The following can help you troubleshoot some common issues:

  • Confirm that the email address assigned to the newly created user is the correct email address that should be receiving the OTP.
  • Send an e-mail to the target address from outside your domain → ensure that the address is working properly.
  • Check the logs of your mail server (if you have access to them) → do you see delivery attempts? Are they blocked, gray-listed, or delivered?
  • If you don't see any attempts on your mail server, create a support case with AWS Support; potentially the above step must also be executed on the sending mail server.

For additional information, please refer to the following documentation: https://docs.aws.amazon.com/singlesignon/latest/userguide/troubleshooting.html.

AWS
Jenna_H
answered 9 months ago
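One way to carry out the mail-server log check from the answer above, as an added example that is not part of the original answer or of AWS documentation: it scans Postfix-style log lines for the two sender addresses and reports each recipient as delivered, deferred or blocked. The log format (Postfix default logging), the sample lines, host names and recipients are constructed assumptions.

```python
import re

# Sender addresses named in the answer above.
SENDERS = {"no-reply@signin.aws", "no-reply@login.awsapps.com"}

# Constructed Postfix-style sample lines (not real logs); hosts and recipients are placeholders.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 450 4.2.0 <alice@example.com>: Recipient address rejected: Greylisted; from=<no-reply@signin.aws> to=<alice@example.com> proto=ESMTP helo=<mail.example.net>
Mar  3 10:05:12 mx postfix/qmgr[900]: 4A1B2C3D4E: from=<no-reply@login.awsapps.com>, size=5120, nrcpt=1 (queue active)
Mar  3 10:05:13 mx postfix/local[2200]: 4A1B2C3D4E: to=<bob@example.com>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Mar  3 10:07:40 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 554 5.7.1 <carol@example.com>: Recipient address rejected: Access denied; from=<no-reply@signin.aws> to=<carol@example.com> proto=ESMTP helo=<mail.example.net>
Mar  3 10:09:00 mx postfix/qmgr[900]: 5F6A7B8C9D: from=<newsletter@example.org>, size=900, nrcpt=1 (queue active)
Mar  3 10:09:01 mx postfix/local[2200]: 5F6A7B8C9D: to=<alice@example.com>, relay=local, delay=0.2, status=sent (delivered to mailbox)
"""

# Rejections carry sender and recipient on one line; accepted mail is correlated by queue ID.
REJECT = re.compile(r"NOQUEUE: reject: .*?: (\d{3}) .*?from=<([^>]*)> to=<([^>]*)>")
QUEUED = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
STATUS = re.compile(r"\]: (\w+): to=<([^>]*)>.*?status=(\w+)")

def classify(log_text, senders=SENDERS):
    """Return {(sender, recipient): outcome} for mail from the given senders."""
    queue_sender = {}  # queue ID -> envelope sender of an accepted message
    outcomes = {}
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            code, sender, rcpt = m.groups()
            if sender.lower() in senders:
                # 4xx is a temporary refusal (greylisting looks like this); 5xx is a hard block.
                outcomes[(sender, rcpt)] = "deferred" if code[0] == "4" else "blocked"
        elif m := QUEUED.search(line):
            queue_sender[m.group(1)] = m.group(2)
        elif m := STATUS.search(line):
            qid, rcpt, status = m.groups()
            sender = queue_sender.get(qid, "")
            if sender.lower() in senders:
                outcomes[(sender, rcpt)] = "delivered" if status == "sent" else status
    return outcomes

if __name__ == "__main__":
    results = classify(SAMPLE_LOG)
    for (sender, rcpt), outcome in results.items():
        print(f"{sender} -> {rcpt}: {outcome}")
    if not results:
        print("no delivery attempts from the Identity Center senders were logged")
```

An empty result corresponds to the last bullet in the answer: the receiving server saw no attempt at all, so the check has to continue on the sending side.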
0

Hi,

Same problem here.

After checking the "Send email OTP" option for users created from the API and creating some users using the Python SDK and/or the AWS CLI, no email is received.

I wonder if the user should take any action since the documentation literally says "Users receive the email OTP when they first attempt to sign in". I have tried a "first attempt to sign" from AWS access portal (https://subdomain.awsapps.com/start#/) but after entering the username I am blocked because it then asks for the password that I do not have yet. Unfortunately the password recovery option doesn't work either. When I enter the captcha an error says "It's our problem, not yours. We were unable to complete your request at this time. Please try again later."

Any idea on this? How can I send the invitation or OTP email to IAM Identity Center users programmatically?

Best regards.

answered 7 months ago
