- 最新
- 投票最多
- 评论最多
Can you detail which identity source you are using? SSO internal, AD, or an external identity provider? I'm using AzureAD as an external identity provider.
I guess you are using SAML 2.0 integration then? In that case you need to configure the session lifecycle on the Azure AD side. (see: https://docs.microsoft.com/en-us/graph/api/resources/tokenlifetimepolicy?view=graph-rest-1.0). The lifetime of the session set the maximum time a user can use the Amazon SSO web portal without re-authenticating to the external IDP.
I don't see this attribute listed in AWS's list of SAML assertions though. The closest one I can find is SessionDuration but that only affects the AWS Management Console and not the AWS User Portal. Its uses 60 minutes as a default if not specified.
So what this effectively does is it expires the AWS Management Console session after 60 minutes. However, if you can go back to the browser tab where you still have the User Portal open, you can click on the "Management Console" link to open a new session for 60 minutes without having to do any re-authentication with SAML.
The "User Portal" seems to leave its session open for several hours (I think 8 but I need to test that)
Where would I deploy the policy in Entra?
Can you detail which identity source you are using? SSO internal, AD, or an external identity provider?
I'm using AzureAD as an external identity provider.
Identity center launched the new feature to configure session duration for access portal - https://docs.aws.amazon.com/singlesignon/latest/userguide/configure-user-session.html
相关内容
AWS 官方已更新 1 年前- AWS 官方已更新 1 年前
Can you detail which identity source you are using? SSO internal, AD, or an external identity provider?