
Comments (2)

leelalagudu avatar leelalagudu commented on June 12, 2024

We've had some time to think through a design approach for implementing this feature, and observed that with the current AWS SSO admin and identity store APIs that are available, we won't be able to implement this feature 100%. As we do not want to have an incomplete feature rolled out in the solution, we've decided to park this feature request until AWS SSO updates their API specifications.

Details around the design limitation are described below:

  • The current AWS SSO Identity Store's List Users and List Groups do not allow a wildcard-based call. These APIs expect the filters element in the payload to specify an attribute value.
  • Additionally, AWS SSO admin API account assignment operations require the GUID of the user/group the permission set is being assigned to as part of the API's payload.
  • In our solution with the current design, we have EventBridge rules that listen on SSO group events (for local identity store, SCIM, and Active Directory based sources) that allow us to persist the mapping between friendly names and the GUIDs of the user groups. This allowed us to provide enterprise-friendly account assignment operations as a solution feature.
  • However, when we looked at importing existing AWS SSO configuration into the solution to enable customers to use our solution and manage their access entitlements created outside of the solution, we noticed that there's no programmatic way for us to get hold of existing groups that were created prior to the solution's deployment, which meant that we won't be able to offer a way for you to manage your access entitlements using user groups created prior to the solution deployment.
  • Therefore, we've decided to park this feature until the AWS SSO Identity Store API allows a wildcard-based search on the List Users and List Groups API operations, or, alternatively, allows a way to discover existing users/groups in the AWS SSO configuration.

from aws-iam-identity-center-extensions.

leelalagudu avatar leelalagudu commented on June 12, 2024

We've now worked out a mechanism to handle this feature. Instead of persisting user name to user id and group display name to group id mappings, the solution will now dynamically do the lookup for this value and will therefore not need a list API to get this information.

from aws-iam-identity-center-extensions.
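The lookup-at-assignment-time approach described in the comment above, as an added example that is not the project's own code. It assumes `identitystore` and `sso_admin` objects exposing the boto3 `identitystore.list_groups` and `sso-admin.create_account_assignment` call shapes (an attribute/value filter on DisplayName, then the resolved GroupId passed as PrincipalId); the clients, IDs and ARNs below are constructed stand-ins so it runs offline.

```python
class UnknownPrincipal(Exception):
    """No group matched the display name; nothing is assigned."""

class AmbiguousPrincipal(Exception):
    """More than one group matched; refuse rather than guess."""

def resolve_group_id(identitystore, identity_store_id, display_name):
    # ListGroups needs an attribute/value filter (no wildcard), so the lookup is
    # an exact DisplayName match done at assignment time instead of a stored map.
    resp = identitystore.list_groups(
        IdentityStoreId=identity_store_id,
        Filters=[{"AttributePath": "DisplayName", "AttributeValue": display_name}],
    )
    # Fail closed: exactly one exact match is required before granting access.
    matches = [g["GroupId"] for g in resp.get("Groups", [])
               if g.get("DisplayName") == display_name]
    if not matches:
        raise UnknownPrincipal(f"no group with DisplayName {display_name!r}")
    if len(matches) > 1:
        raise AmbiguousPrincipal(f"{len(matches)} groups named {display_name!r}")
    return matches[0]

def assign_group_to_account(identitystore, sso_admin, identity_store_id,
                            instance_arn, display_name, account_id, permission_set_arn):
    # Resolve the friendly name to its GUID, then use the GUID as PrincipalId.
    group_id = resolve_group_id(identitystore, identity_store_id, display_name)
    return sso_admin.create_account_assignment(
        InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT",
        PermissionSetArn=permission_set_arn, PrincipalType="GROUP", PrincipalId=group_id,
    )

class FakeIdentityStore:
    """Constructed stand-in for the identitystore client (assumption, offline only)."""
    def __init__(self, groups):
        self.groups = groups
    def list_groups(self, IdentityStoreId, Filters):
        (flt,) = Filters  # the API requires a concrete attribute value, not a wildcard
        return {"Groups": [g for g in self.groups
                           if g[flt["AttributePath"]] == flt["AttributeValue"]]}

class FakeSsoAdmin:
    """Constructed stand-in for the sso-admin client; records every assignment call."""
    def __init__(self):
        self.calls = []
    def create_account_assignment(self, **kwargs):
        self.calls.append(kwargs)
        return {"AccountAssignmentCreationStatus": {"Status": "IN_PROGRESS",
                                                    "PrincipalId": kwargs["PrincipalId"]}}

# Constructed sample directory: one unique name and one duplicated name.
SAMPLE_GROUPS = [{"GroupId": "group-id-0001", "DisplayName": "cloud-admins"},
                 {"GroupId": "group-id-0002", "DisplayName": "contractors"},
                 {"GroupId": "group-id-0003", "DisplayName": "contractors"}]
```

The duplicate "contractors" entry shows why the exact-match check raises instead of picking the first hit: two groups with the same display name would otherwise be an easy way to grant the wrong principal.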
