By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How do you sync IAM Identity Center groups to Cognito?

0

We have created a SAML application which allows portal users to do SSO and log into an internal platforms.

The way this is configured is as follows:

  1. IAM Identity Center contains the users and groups. It also has a SAML application to allow for the login flow to work.
  2. Cognito User Pool with Federated Identity Provider sign-in that points towards the IAM Identity sso portal (portal.sso.us-east-1.amazonaws.com)

The authentication process works fine. However, it looks like the IAM Identity Center groups are not being properly synced into the Cognito User Pool. When you login -- a group is automatically created and all users are assigned to that single group. However their groups from IAM Identity Center are not auto synced.

Is there a particular setting that needs to be enabled for this to work?

Topics
Security, Identity, & Compliance
Tags
AWS IAM Identity CenterAmazon Cognito Federated IdentitiesAmazon Cognito User PoolsAmazon Cognito Sync
Language
English
stodorov
asked 9 months ago362 views
1 Answer
1

There is not way as such in SAML to “sync” groups.

What you have to do is in the attributes returned for the user is to include group membership. It then depends if cognito will then create these groups.

I don’t have an indent centre to test with but it’s usually how SAML works.

profile picture
EXPERT
Gary Mclean
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content