- 新しい順
- 投票が多い順
- コメントが多い順
I assume you are using Azure AD (new name "Entra ID") and integrated with AWS Identity Center by defining an 'Enterprise Application' of 'AWS IAM Identity Center (successor to AWS Single Sign-On)' in Azure. In such a scenario you use SCIM to provision users/groups from Azure to AWS IdC. You can confirm this by looking into your setup, find that Enterprise Application and click it see the "provisioning" configurations.
Please don't mix such a solution with a solution of IdC integration with a Microsoft AD (AWS managed MS AD or AD connector). ADSync that you referred to is applicable for the latter. The former is integrated using SAML, SCIM.
Back to your question of why group is not synced. If your user can be synced but not the group. I am guessing: are you using a free Azure account? With a free account, you can't assign groups to the application (the 'Enterprise Application" you created for AWS IdC in Azure), thus sync will not be done. Check the 3rd paragraph of https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal
Please accept answer if it answers your question.
Hi,
You may want to try and do the same via CLI with the different apis used by AWS IIC:
- https://awscli.amazonaws.com/v2/documentation/api/latest/reference/identitystore/index.html#available-commands
- https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sso-admin/index.html#available-commands
- https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sso/index.html#available-commands
describe-user is the first command you may want to use with the user that you created: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/identitystore/describe-user.html
Best,
Didier
関連するコンテンツ
AWS公式更新しました 1年前
