By rogue domains users you mean they had IAM users (credentials for login in the Console) using the domain before using the SSO? You will able to see this user on IAM console, and delete it.
They will be able to login both ways. One using the SSO and other directly through the console. Because while they have the email as username, it could be just another string. And it will be better for management, security and compliance that anyone logs under the SSO.
- Accepted Answerasked 10 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 years ago
- EXPERTpublished 5 months ago
- EXPERTpublished 8 months ago