Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

How do you sync IAM Identity Center groups to Cognito?

0

We have created a SAML application which allows portal users to do SSO and log into an internal platforms.

The way this is configured is as follows:

  1. IAM Identity Center contains the users and groups. It also has a SAML application to allow for the login flow to work.
  2. Cognito User Pool with Federated Identity Provider sign-in that points towards the IAM Identity sso portal (portal.sso.us-east-1.amazonaws.com)

The authentication process works fine. However, it looks like the IAM Identity Center groups are not being properly synced into the Cognito User Pool. When you login -- a group is automatically created and all users are assigned to that single group. However their groups from IAM Identity Center are not auto synced.

Is there a particular setting that needs to be enabled for this to work?

Temas
Seguridad, identidad y cumplimiento
Etiquetas
Centro de identidad de AWS IAMIdentidades federadas de Amazon CognitoGrupos de usuarios de Amazon CognitoAmazon Cognito Sync
Idioma
English
stodorov
preguntada hace 9 meses387 visualizaciones
1 Respuesta
1

There is not way as such in SAML to “sync” groups.

What you have to do is in the attributes returned for the user is to include group membership. It then depends if cognito will then create these groups.

I don’t have an indent centre to test with but it’s usually how SAML works.

profile picture
EXPERTO
Gary Mclean
respondido hace 9 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante