1 Answer
1
There is no way as such in SAML to “sync” groups.
What you have to do is include group membership in the attributes returned for the user. It then depends on whether Cognito will create these groups.
I don’t have an Identity Center to test with, but it’s usually how SAML works.
I thought the same thing, but Cognito doesn't seem to have such an option to map the external groups. Also, in the Identity Center docs there are no roles attributes mentioned https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html so I'm scratching my head how this should be done. Do you have any links to docs that might be helpful?