amazon-web-servicesaws-sso

AWS IAM user sso login


I'm trying to login using awscli in console with a IAM user I created Steps I followed

It successfully opens the browser and redirects with the code it shows a login page where it asks for a username (and then a password) I'm using the username james and trying with its password but it fails with We couldn't verify your sign-in credentials. Please try again.

Could you help me clear what am I missing? Thanks for the help in advance. Hope it's clear enough


Solution

  • If you want users to authenticate via an external service such as Active Directory, do not create an IAM User. Instead, users will authenticate themselves against the external identity store.

    Instead, configure AWS IAM Identity Center.

    From What is IAM Identity Center? (successor to AWS Single Sign-On):

    With AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users. IAM Identity Center provides one place where you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications. You can use multi-account permissions to assign your workforce users access to AWS accounts. You can use application assignments to assign your users access to IAM Identity Center enabled applications, cloud applications, and customer Security Assertion Markup Language (SAML 2.0) applications.

    The basic configuration steps are:

    See: Getting started - AWS IAM Identity Center