Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

How do you sync IAM Identity Center groups to Cognito?

0

We have created a SAML application which allows portal users to do SSO and log into an internal platforms.

The way this is configured is as follows:

  1. IAM Identity Center contains the users and groups. It also has a SAML application to allow for the login flow to work.
  2. Cognito User Pool with Federated Identity Provider sign-in that points towards the IAM Identity sso portal (portal.sso.us-east-1.amazonaws.com)

The authentication process works fine. However, it looks like the IAM Identity Center groups are not being properly synced into the Cognito User Pool. When you login -- a group is automatically created and all users are assigned to that single group. However their groups from IAM Identity Center are not auto synced.

Is there a particular setting that needs to be enabled for this to work?

Argomenti
Sicurezza, identità e conformità
Tag
Centro identità AWS IAMIdentità federate di Amazon CognitoBacini di utenza di Amazon CognitoAmazon Cognito Sync
Lingua
English
stodorov
posta 9 mesi fa387 visualizzazioni
1 Risposta
1

There is not way as such in SAML to “sync” groups.

What you have to do is in the attributes returned for the user is to include group membership. It then depends if cognito will then create these groups.

I don’t have an indent centre to test with but it’s usually how SAML works.

profile picture
ESPERTO
Gary Mclean
con risposta 9 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente