AWS SSO and AD timeouts/password compliance


When an AD is connected to IAM Identity Center, does the SSO portion of IAM Identity Center inherit the policies within the AD? When attempting to reset a password, does it restrict users to the password policy of the AD GPO, and does it enforce timeouts? If so, how does one set that up after connecting the AD to IAM Identity Center?

Thank you!

1 Answer

When AD is connected to IAM Identity Center, it is primarily used as an identity provider. The policies in AD do not have any effect on Identity Center. IAM Identity Center uses the connection provided by AD to synchronize user, group, and membership information from your source directory in Active Directory to the IAM Identity Center identity store. No password information is synchronized to IAM Identity Center, since user authentication takes place directly from the source directory in Active Directory. This identity data is used by IAM Identity Center enabled applications to facilitate in-app lookup, authorization, and collaboration scenarios without passing LDAP activity back to the source directory in Active Directory.

Additional info can be found at https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html

AWS
answered a year ago
