AWS Service Catalog. Grant SSO Users to the Portfolio

0

Hi there! I successfully created a Service Catalog with a related Portfolio and Products when my users were IAM users. I am having issues adding the SSO (sync'd with AD) users to the Portfolio, though.
When following this step: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/getstarted-deploy.html, it's not clear how I can add an SSO group instead of an IAM group.
ASK: Is it possible to add an SSO user to the Service Catalog Portfolio? If so, how?
Many thanks in advance!

2 Answers
1

AWS SSO users are added to accounts through the use of AWS IAM Roles. You won't see the SSO group name or user name appear inside of the account. If you want to add a group of SSO users to a Service Catalog portfolio, you want to look in the Roles tab for a role starting with AWSReservedSSO followed by the name of the SSO Permission Set that you created.

Once you add the role to the portfolio, any users federated through AWS SSO with that permission set will be able to use the portfolio. If you are trying to restrict it down to only a select group of users within a permission set, you would probably want to create an SSO permission set specific for that group of users and provision it to your account.

AWS
tdmarco
answered 2 years ago
  • That's it! Worked like a champ. Many thanks for guidance!
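Added example, not part of the original answer and not AWS's own code: one way to script the step described above, picking the `AWSReservedSSO` role for exactly one permission set and associating it with the portfolio. The function names, the `port-EXAMPLE` ID, the `CatalogUsers` permission set and the sample roles are constructed for illustration, and the 16-hex-character role suffix is an assumption about how SSO names the provisioned role.

```python
import re

SSO_PATH = "/aws-reserved/sso.amazonaws.com/"
# Assumed naming: AWSReservedSSO_<PermissionSetName>_<16 hex characters>
SSO_ROLE = re.compile(r"^AWSReservedSSO_(?P<pset>.+)_[0-9a-f]{16}$")
_BASE = "arn:aws:iam::111122223333:role"

# Constructed sample shaped like IAM list_roles output (not real data).
SAMPLE_ROLES = [
    {"Path": SSO_PATH, "RoleName": "AWSReservedSSO_CatalogUsers_0123456789abcdef"},
    {"Path": SSO_PATH, "RoleName": "AWSReservedSSO_CatalogUsersAdmin_89abcdef01234567"},
    # Look-alike created outside the reserved path; must never be selected.
    {"Path": "/", "RoleName": "AWSReservedSSO_CatalogUsers_ffffffffffffffff"},
]
for _r in SAMPLE_ROLES:
    _r["Arn"] = f"{_BASE}{_r['Path']}{_r['RoleName']}"


def select_sso_role(roles, permission_set):
    """Return the ARN of the single SSO-provisioned role for permission_set."""
    matches = []
    for role in roles:
        m = SSO_ROLE.match(role["RoleName"])
        # Exact name comparison plus reserved-path check, so a shared prefix
        # or a hand-made look-alike role does not widen portfolio access.
        if (m and m.group("pset") == permission_set
                and role["Path"].startswith(SSO_PATH)):
            matches.append(role["Arn"])
    if len(matches) != 1:
        raise LookupError(
            f"expected 1 role for {permission_set!r}, found {len(matches)}")
    return matches[0]


def grant_portfolio_access(sc, iam, portfolio_id, permission_set):
    """Associate the permission set's role with the portfolio; return its ARN."""
    pages = iam.get_paginator("list_roles").paginate(PathPrefix=SSO_PATH)
    roles = [role for page in pages for role in page["Roles"]]
    arn = select_sso_role(roles, permission_set)
    sc.associate_principal_with_portfolio(
        PortfolioId=portfolio_id, PrincipalARN=arn, PrincipalType="IAM")
    return arn


if __name__ == "__main__":
    print(select_sso_role(SAMPLE_ROLES, "CatalogUsers"))  # offline demo
    # Real account (needs boto3 and credentials in the portfolio's account):
    # import boto3
    # grant_portfolio_access(boto3.client("servicecatalog"),
    #                        boto3.client("iam"), "port-EXAMPLE", "CatalogUsers")
```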

0

Hey there, I know it's a 1-year-old post, but here are my views. It will work with assigning roles. Though, if you set an expiration time with your SSO role, you might need to update access every time a new session is created. Have you encountered this issue? I am still in the testing phase, though that's my hypothesis on the issue which might come.

Dev_Ves
answered a year ago
