AWS SSO with Control Tower Accounts

Hello team! Do I need to configure SSO separately for the additional accounts I added using AFT or it will provide SSO automatically?

Manny_A
6 months ago
SSO separate config is not needed as long as proper parameters are in place. See https://github.com/aws-ia/terraform-aws-control_tower_account_factory/blob/main/sources/aft-customizations-repos/aft-account-request/examples/account-request.tf as a sample tf file for account provisioning with SSO parameters included.

Topics

Security, Identity, & Compliance Management & Governance

Tags

Security, Identity, & Compliance AWS Identity and Access Management AWS Control Tower AWS Organizations AWS IAM Identity Center

Language

English

Gajalakshmi

asked 6 months ago333 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Accepted Answer

Hi as Manny_A mentioned, an AFT account request will create an Administrator user in Identity Centre(SSO) for the new account (This is actually a built in feature of Control Tower). However that's the only thing it will do.

To configure other users, groups, or permission sets for Accounts in your Organization, you will have to create separate code to achieve this. You will execute the code against the Org Management account (where Identity Centre is). Or if you have delegated that to another account, it will be there.

Jimmy Morgan

answered 6 months ago

EXPERT

Giovanni Lauria

reviewed a month ago

Relevant content

AWS SSO - what OU/account to use?
Sergei
asked 2 years ago
Deleted AWS Control Tower and SSO and now cannot disable the other accounts created.
Accepted Answer
deloittepocra
asked a month ago
AWS SSO in Control Tower / Organisations with Systems Manager Run As
mdiaper
asked 2 years ago
Using Terraform with AWS SSO accounts
gx_ale
asked 2 years ago
How do I configure an SSO user to access my Amazon EKS cluster?
AWS OFFICIALUpdated a year ago
How do I configure the NGINX Ingress Controller to increase the client request body, activate CORS to allow additional headers, and use WebSocket with Amazon EKS?
AWS OFFICIALUpdated 2 months ago
How do I gain access as an AWS account root user to the account created by Account Factory or Account Vending Machine in AWS Control Tower?
AWS OFFICIALUpdated 3 years ago
Does using the IAM Identity Center affect my IAM identities or federation configuration?
AWS OFFICIALUpdated a year ago
Avoiding additional bills when migrating accounts between AWS Organizations
EXPERT
Andre Portela
published 5 months ago
How to connect to a private EC2 instance from a local Visual Studio Code IDE with Session Manager and AWS SSO (CLI)
EXPERT
Faraz_AWS
published 2 years ago