DEVHIDE
Login Or Sign up

AWS IAM user sso login

1.5k Views Asked by At

I'm trying to login using awscli in console with a IAM user I created Steps I followed

  • Created the IAM user using the root user with AdministratorAccess, let's call the user james

  • Created access keys for james and downloaded/copy them

  • Configured awscli in local machine with

    [default]
 aws_access_key_id = XXX
 aws_secret_access_key = YYY
 sso_start_url = https://zzz.awsapps.com/start
 sso_account_id = 999888
 sso_region = eu-north-1

  • Logged in as james in https://999888.signin.aws.amazon.com/console and then went to https://console.aws.amazon.com/singlesignon/ and enabled sso login

  • Finally tried to connect from local machine using aws sso login

It successfully opens the browser and redirects with the code it shows a login page where it asks for a username (and then a password) I'm using the username james and trying with its password but it fails with We couldn't verify your sign-in credentials. Please try again.

Could you help me clear what am I missing? Thanks for the help in advance. Hope it's clear enough

amazon-web-services aws-sso
Original Q&A
1

There are 1 best solutions below

0
John Rotenstein On BEST ANSWER

If you want users to authenticate via an external service such as Active Directory, do not create an IAM User. Instead, users will authenticate themselves against the external identity store.

Instead, configure AWS IAM Identity Center.

From What is IAM Identity Center? (successor to AWS Single Sign-On):

With AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users. IAM Identity Center provides one place where you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications. You can use multi-account permissions to assign your workforce users access to AWS accounts. You can use application assignments to assign your users access to IAM Identity Center enabled applications, cloud applications, and customer Security Assertion Markup Language (SAML 2.0) applications.

The basic configuration steps are:

  • Enable IAM Identity Center
  • Choose your identity source (eg an Active Directory server)
  • Configure Administration users
  • Configure permission sets

See: Getting started - AWS IAM Identity Center

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AWS-SSO

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.