Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How do you sync IAM Identity Center groups to Cognito?

0

We have created a SAML application which allows portal users to do SSO and log into an internal platforms.

The way this is configured is as follows:

  1. IAM Identity Center contains the users and groups. It also has a SAML application to allow for the login flow to work.
  2. Cognito User Pool with Federated Identity Provider sign-in that points towards the IAM Identity sso portal (portal.sso.us-east-1.amazonaws.com)

The authentication process works fine. However, it looks like the IAM Identity Center groups are not being properly synced into the Cognito User Pool. When you login -- a group is automatically created and all users are assigned to that single group. However their groups from IAM Identity Center are not auto synced.

Is there a particular setting that needs to be enabled for this to work?

Topics
Security, Identity, & Compliance
Tags
Amazon Cognito Federated IdentitiesAWS IAM Identity CenterAmazon Cognito User PoolsAmazon Cognito Sync
Language
English
asked 3 years ago1K views
1 Answer
1

There is not way as such in SAML to “sync” groups.

What you have to do is in the attributes returned for the user is to include group membership. It then depends if cognito will then create these groups.

I don’t have an indent centre to test with but it’s usually how SAML works.

EXPERT
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content