1 回答
- 最新
- 投票最多
- 评论最多
1
It's not an easy task, you need to have a plan because it not just involves copy-and-paste the username, but also the permission configuration in your account (Otherwise, you'll just create a bunch of users without any permission).
- First, you need to gather the list of IAM users, and categorise them into groups according to their permission level.
- For every permission level, you need to create a permission set
- Create SSO users (Note that the information required is more than IAM users, you'll need the users' email address. So you can't simply copying the IAM username here)
- Create group and add the SSO users into them by the permission category you defined earlier
- Assign permission sets to different groups
Migrating to AWS SSO is not just a technical task but also an opportunity to review the access management of your organisation.
已回答 2 年前