"It's not you, it's us" when accepting IAM Identity Center invitation

1

Hello, I was following the tutorial https://aws.amazon.com/getting-started/guides/setup-environment/module-two/ on creating IAM Identity center users. I started it yesterday, created a user, assigned a group, then I received email with invitation. When I clicked I was asked to choose MFA, which I didn't want yet, so I closed the browser tab. Today, I continued the tutorial with adding permission sets to that administrative user. But when I now open the invitation I get: "It's not you, it's us We couldn't complete your request right now, please try again later". Of course, later is no better. So maybe it's me, after all.

  1. How can I recover from that? Should I delete the user and create again?
  2. Is MFA mandatory for administrative users created that way? When the invitation was showing me the MFA options, it was stated that my AWS organization requires MFA. But it was me, who created that AWS organization, so I should be probably able to turn it off. The tutorial implies it's mandatory though.
2回答
1

Hello.

How can I recover from that? Should I delete the user and create again?

Yes, I think it would be easier to recreate it.

Is MFA mandatory for administrative users created that way? When the invitation was showing me the MFA options, it was stated that my AWS organization requires MFA. But it was me, who created that AWS organization, so I should be probably able to turn it off. The tutorial implies it's mandatory though.

I believe that IAM Identity center is set by default to require MFA to be registered at sign-in.
https://docs.aws.amazon.com/singlesignon/latest/userguide/how-to-configure-mfa-device-enforcement.html

If MFA is forced in IAM Identity center, I think the settings in the following document are related.
Please sign in as an administrator and check the settings in the document below.
https://docs.aws.amazon.com/singlesignon/latest/userguide/mfa-getting-started.html

a

It may be possible to resolve the issue by setting it to "Allow them to sign in".
b

profile picture
エキスパート
回答済み 2ヶ月前
profile picture
エキスパート
レビュー済み 2ヶ月前
0

After clicking the "Accept invitation" link once in the invite email, I think the link is no longer good. The "It's not you, it's us" error message should probably say "Invite was previously accepted already" or something similar.


In the email, it's easy to miss this text below the invite button link:

Accessing the AWS access portal

After you've accepted the invitation, you can sign in to the AWS access portal by using the information below.


So for future logins, use the "Your AWS access portal URL" link from the email.


Once you're logged in, instead of the dashboard (which I was expecting to see) you'll see a list of Accounts you have accepted invites to. Select the Account you want to manage, then select which Role within the account you want to use (each Account can have multiple Roles with varying permissions is my understanding).

回答済み 8日前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ