1 Answer
AWS Documentation: https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html
If you have Entra as your SSO provider, and have the appropriate enterprise license level, there is a Privileged Access workflow. The feature is called PIM, or Privileged Identity Management.
Microsoft Documentation: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure
answered a month ago
I had a look into it. PIM alone is not enough. I configured it to have a workflow for getting temporary group memberships. But these seem to not sync directly to AWS, so it's not usable.
According to this: https://learn.microsoft.com/en-us/entra/permissions-management/how-to-attach-detach-permissions you can achieve this via Entra ID. BUT the Permissions Management feature is needed for it, and we don't have this licensed.