Best way to enable trusted access to an Organization for Identity Center instance

0

Trying to create an organization-level instance of Identity Center. When I try, the Identity Center console says I don’t have trusted access to my organization. It suggests I go to the Organization console to enable trusted access. When I get there, the organization console says no, don’t enable trusted access from here, enable it from the Identity Center console, that way IC can also perform any necessary setup tasks. But I see no place in the IC console to enable trusted access to the org, just the link telling me to go do it from the org side. Which way is correct? And how do I enable trusted access from the IC side in that case?

2 Answers
0

We recommend that whenever possible, you use the AWS IAM Identity Center console or tools to enable integration with Organizations. This lets AWS IAM Identity Center perform any configuration that it requires, such as creating resources needed by the service.

From what you are describing, it seems there are permission issues with your access. Make sure to look at our documentation that provides the permissions needed.

Follow the steps to enable:

  • Sign in to the AWS Organizations console
  • You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.
  • In the navigation pane, choose Services.
  • Choose AWS IAM Identity Center in the list of services.
  • Choose Enable trusted access.
  • In the Enable trusted access for AWS IAM Identity Center dialog box, type enable to confirm it, and then choose Enable trusted access.
  • If you are the administrator of only AWS Organizations, tell the administrator of AWS IAM Identity Center that they can now enable that service using its console to work with AWS Organizations.
AWS
answered 2 months ago
0

Check if you have enabled Identity Center account level instances (https://docs.aws.amazon.com/singlesignon/latest/userguide/account-instances-identity-center.html?icmpid=docs_sso_console) in any of the regions. If yes, delete the account level instance and try to enable the organization level instance again.

AWS
answered 2 months ago
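Both answers come down to state you can verify outside the console: whether Organizations has trusted access enabled for Identity Center (first answer) and whether an Identity Center instance already exists in some region (second answer). The script below is an added example, not code from either answer or from AWS; the live path assumes boto3 with management-account credentials, the helper names are hypothetical, and the sample responses are constructed.

```python
from typing import Dict, List

# Service principal AWS Organizations uses for IAM Identity Center.
IDENTITY_CENTER_PRINCIPAL = "sso.amazonaws.com"

def trusted_access_enabled(service_access: Dict) -> bool:
    """service_access: response of Organizations ListAWSServiceAccessForOrganization."""
    return any(
        svc.get("ServicePrincipal") == IDENTITY_CENTER_PRINCIPAL
        for svc in service_access.get("EnabledServicePrincipals", [])
    )

def instances_by_region(listings: Dict[str, Dict]) -> Dict[str, List[str]]:
    """listings: region -> response of sso-admin ListInstances in that region.
    Regions with no instance are dropped, leaving only those to inspect."""
    return {
        region: [inst["InstanceArn"] for inst in resp.get("Instances", [])]
        for region, resp in listings.items()
        if resp.get("Instances")
    }

def fetch_live() -> Dict:
    """Query the real APIs; needs boto3 and management-account credentials."""
    import boto3  # imported lazily so the pure helpers above need no SDK
    from botocore.exceptions import BotoCoreError, ClientError

    session = boto3.Session()
    access = session.client("organizations").list_aws_service_access_for_organization()
    listings = {}
    for region in session.get_available_regions("sso-admin"):  # sso-admin is regional
        try:
            listings[region] = session.client("sso-admin", region_name=region).list_instances()
        except (ClientError, BotoCoreError):  # e.g. an opt-in region that is not enabled
            listings[region] = {"Instances": []}
    return {"access": access, "listings": listings}

# Constructed sample responses shaped like the real API output (not real data).
SAMPLE = {
    "access": {"EnabledServicePrincipals": [{"ServicePrincipal": "cloudtrail.amazonaws.com"}]},
    "listings": {
        "us-east-1": {"Instances": [{"InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE"}]},
        "eu-west-1": {"Instances": []},
    },
}

if __name__ == "__main__":
    data = SAMPLE  # swap in fetch_live() to check a real organization
    print("Identity Center trusted access enabled:", trusted_access_enabled(data["access"]))
    for region, arns in instances_by_region(data["listings"]).items():
        print(f"{region}: {', '.join(arns)}")
```

With the sample data the trusted-access check reports False and us-east-1 is the only region with an instance, which is the situation the two answers describe; the script only reads state and deletes nothing.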
