使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

SSO with Managed AD as idp - 403 forbidden

0

Hi,

I've connected the SSO idp to the Managed Active Directory with AD Connector as proxy between SSO and Active Directory.

User and groups are sync correctly I can loggin to the SSO I can attach permission set to account

After logging to the SSO when I click on the account to assume the role I got a 403 error {"message":"No access","__type":"com.amazonaws.switchboard.portal#ForbiddenException"}

I don't know where to search to solve this issue.

Can you please help me ?

Regards

主題
安全性、身分識別與合規管理與治理
標籤
AWS Identity and Access ManagementAWS Directory ServiceAWS IAM Identity CenterAWS Account Management
語言
English
FabienG
已提問 1 年前檢視次數 398 次
2 個答案
1
已接受的答案

HI,

Solved, the issue was a mapping problem between AWS Managed AD and SSO. The SSO user primary-email field was empty.

We change the mapping, everything works well

Regards

FabienG
已回答 1 年前
  • Kisshore Gunasekaran
    1 年前

    Hi @fabieng, can you please share the attribute mapping configured on the SSO.

0

I recommend you review the metadata issued and supported by AWS SSO. Then check the attribute mapping making sure the format is set to "transient"

profile picture
Gera
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容