AWS CLI v2: Identity Center: Create User


I am trying to create a user in AWS Identity Center using create-user (https://awscli.amazonaws.com/v2/documentation/api/latest/reference/identitystore/create-user.html).

# Variables are quoted inside the JSON literals so that names containing spaces
# are not split by the shell and still produce valid JSON.
aws identitystore create-user \
    --identity-store-id "${IDENTITY_STORE_INSTANCE_ID}" \
    --user-name "${USERNAME}" \
    --name '{ "FamilyName": "'"${LAST_NAME}"'", "GivenName": "'"${FIRST_NAME}"'" }' \
    --display-name "${DISPLAY_NAME}" \
    --emails '[{ "Value": "'"${EMAIL}"'", "Primary": true }]'

The user is successfully created, but somehow the password part is missing, i.e. there is no option for how the password should be created. Also, no invitation email is sent to the user.

So I looked at the process in the portal by checking the API calls, and there are two attributes I can't find anywhere in the CLI or the API reference (https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_CreateUser.html): Active and, probably more important, PasswordMode:

{
    "IdentityStoreId": "xxx",
    "UserName": "xxx",
    "UserAttributes": {
        "emails": {
            "ComplexListValue": [
                {
                    "value": {
                        "StringValue": "[email protected]"
                    },
                    "type": {
                        "StringValue": "work"
                    },
                    "primary": {
                        "BooleanValue": true
                    }
                }
            ]
        },
        "name": {
            "ComplexValue": {
                "givenName": {
                    "StringValue": "xxx"
                },
                "familyName": {
                    "StringValue": "xxx"
                }
            }
        },
        "displayName": {
            "StringValue": "xxx"
        }
    },
    "Active": true,
    "PasswordMode": "EMAIL"
}

How can I then create a user, including password and invitation, using AWS CLI v2?
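As an added example (not from the question or from AWS), the same request built as a single JSON document and passed with the CLI's --cli-input-json option, which avoids the inline quoting of the command above and makes the request body, including the absence of any password field, easy to review before it is sent; the store id, names and address in the test are constructed sample values.

```shell
#!/usr/bin/env bash
# Escape a value for use inside a JSON string literal (backslash and quote),
# so a family name such as O'Hara "MH" cannot break the request body.
json_escape() {
    printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the CreateUser request body.
# $1 identity store id, $2 user name, $3 given name, $4 family name, $5 email
# The body carries no password or PasswordMode field: the public CreateUser
# API has none, so how the user first signs in is governed by the Identity
# Center setting for email OTP, not by anything in this request.
build_create_user_input() {
    local store user given family email
    store=$(json_escape "$1"); user=$(json_escape "$2")
    given=$(json_escape "$3"); family=$(json_escape "$4")
    email=$(json_escape "$5")
    printf '{"IdentityStoreId":"%s","UserName":"%s","Name":{"GivenName":"%s","FamilyName":"%s"},"DisplayName":"%s %s","Emails":[{"Value":"%s","Type":"work","Primary":true}]}\n' \
        "$store" "$user" "$given" "$family" "$given" "$family" "$email"
}

# Only this function talks to AWS; it assumes credentials and a region are
# already configured for the CLI. Review the body first with
#   build_create_user_input ... | python3 -m json.tool
create_user() {
    aws identitystore create-user \
        --cli-input-json "$(build_create_user_input "$@")"
}
```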

1 Answer

Same problem here. This should solve the issue but unfortunately it doesn't work for me:

https://docs.aws.amazon.com/singlesignon/latest/userguide/userswithoutpwd.html

The "Send email OTP" option in the IAM Identity Center console enables OTP emails for users created from the API.

The page literally says "Users receive the email OTP when they first attempt to sign in". I wonder what exactly this means, since after entering the username it asks me for the password, which I have not yet been able to set. Trying to reset the password from the AWS access portal also didn't work.

Please, try this and tell us if it worked.