AWS SSO and AD timeouts/password compliance

0

When an AD is connected to IAM Identity Center, does the SSO portion of IAM Identity Center inherit the policies within the AD? When attempting to reset a password, does it restrict users to the password policy of the AD GPO, and does it enforce timeouts? If so, how does one set that up after connecting the AD to IAM Identity Center?

Thank you!

1 Answer
0

When AD is connected to IAM Identity Center, it is primarily used as an identity provider. The policies in AD do not have any effect on Identity Center. IAM Identity Center uses the connection provided by AD to synchronize user, group, and membership information from your source directory in Active Directory to the IAM Identity Center identity store. No password information is synchronized to IAM Identity Center, since user authentication takes place directly from the source directory in Active Directory. This identity data is used by IAM Identity Center enabled applications to facilitate in-app lookup, authorization, and collaboration scenarios without passing LDAP activity back to the source directory in Active Directory.

Additional info can be found at https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html

AWS
answered a year ago
