AWS SSO - Manage Users

Question

I'm seeing a problem today that I haven't previously encountered.

When I navigate to the AWS SSO Users page there is a information message displayed at the top of the screen.

```
Your identity source is currently configured as 'External identity provider'. To add new users or edit their attributes, you must do this using your external identity provider.
```

Along with this message the 'Add user' button has been removed from the UI.

The problem is that my External identity provider is G Suite, and as stated in the [AWS Docs for setting up SSO with G Suite](https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/).
>AWS SSO supports automatic user provisioning via the System for Cross-Identity Management (SCIM). However, this is not yet officially supported for G Suite custom SAML applications. In the meantime, you can manually create users.

I have a new user that I need to create an SSO account for but I'm now completely unable to do this.
This has never been a problem before and I successfully added a user in this way on the 23rd May, just 3 days ago.

Thanks

Accepted Answer

What is the Provisioning method,  "SCIM" or "AWS SSO"?(You can see it at "AWS SSO" Management Console -> "Settings" -> "Identity source" Tab.)

If "SCIM", you cannot edit the users and groups on AWS SSO.  Can you disable it with the steps described at below link?

https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-automatically.html#disable-provisioning

Answer

Thank you.
Yes that was the problem. The provisioning method had been set to SCIM.
Disabling automatic provisioning has given me back the Add User Button.

AWS SSO - Manage Users

Relevant content