We have created a SAML application which allows portal users to do SSO and log into an internal platforms.
The way this is configured is as follows:
- IAM Identity Center contains the users and groups. It also has a SAML application to allow for the login flow to work.
- Cognito User Pool with Federated Identity Provider sign-in that points towards the IAM Identity sso portal (portal.sso.us-east-1.amazonaws.com)
The authentication process works fine. However, it looks like the IAM Identity Center groups are not being properly synced into the Cognito User Pool.
When you login -- a group is automatically created and all users are assigned to that single group. However their groups from IAM Identity Center are not auto synced.
Is there a particular setting that needs to be enabled for this to work?
AWS 官方已更新 3 年前
I thought the same thing, but Cognito doesn't seem to have such an option to map the external groups. Also, in the Identity Center docs there are no
rolesattributes mentioned https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html so I'm scratching my head how this should be done. Do you have any links to docs that might be helpful?