1 Answer
- Newest
- Most votes
- Most comments
0
Hi as Manny_A mentioned, an AFT account request will create an Administrator user in Identity Centre(SSO) for the new account (This is actually a built in feature of Control Tower). However that's the only thing it will do.
To configure other users, groups, or permission sets for Accounts in your Organization, you will have to create separate code to achieve this. You will execute the code against the Org Management account (where Identity Centre is). Or if you have delegated that to another account, it will be there.
answered 6 months ago
Relevant content
- asked 2 years ago
- Accepted Answerasked a month ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
SSO separate config is not needed as long as proper parameters are in place. See https://github.com/aws-ia/terraform-aws-control_tower_account_factory/blob/main/sources/aft-customizations-repos/aft-account-request/examples/account-request.tf as a sample tf file for account provisioning with SSO parameters included.