SSO with Managed AD as idp - 403 forbidden

Hi,

I've connected the SSO idp to the Managed Active Directory with AD Connector as proxy between SSO and Active Directory.

User and groups are sync correctly I can loggin to the SSO I can attach permission set to account

After logging to the SSO when I click on the account to assume the role I got a 403 error {"message":"No access","__type":"com.amazonaws.switchboard.portal#ForbiddenException"}

I don't know where to search to solve this issue.

Can you please help me ?

Regards

トピック: 管理とガバナンスセキュリティ、アイデンティティ、コンプライアンス
タグ: AWS IAM アイデンティティセンター AWS Identity and Access Management AWS アカウントマネジメント AWS Directory Service
言語: English

FabienG

質問済み 3年前674ビュー

2回答

新しい順
投票が多い順
コメントが多い順

承認された回答

HI,

Solved, the issue was a mapping problem between AWS Managed AD and SSO. The SSO user primary-email field was empty.

We change the mapping, everything works well

Regards

FabienG

回答済み 3年前

エキスパート

Adeleke Adebowale .J.

レビュー済み 1年前

Kisshore Gunasekaran
3年前
Hi @fabieng, can you please share the attribute mapping configured on the SSO.

I recommend you review the metadata issued and supported by AWS SSO. Then check the attribute mapping making sure the format is set to "transient"

Gerardo Castro Arica

回答済み 3年前

SSO with Managed AD as idp - 403 forbidden

回答を追加する

関連するコンテンツ