Comments (4)

allquixotic commented on June 12, 2024

Thanks Leela; in collaboration with my company and customer, we have produced a custom proprietary solution to this problem. We found a workaround to the Directory Service API limitation, and our solution leverages both the SSO SCIM API and SSO Extensions' S3 bucket interface for permission sets and links data.

from aws-iam-identity-center-extensions.

allquixotic commented on June 12, 2024

I still haven't found any way to programmatically access the role/user mappings in Delegate console access other than web-based screen scraping (which sadly may end up being the route we take, because our timeline for SSO rollout is very aggressive). It seems like a glaring oversight in the AWS Directory Service API that no API exists to at least read this list.

Since there is no API to do this, and screen scraping would not be a suitable solution for a robust tool like SSO Extensions, I'm guessing this will have to go into blocked state until, someday, AWS introduces an API for Delegate console access.

Unfortunately, manually turning the crank is not an option for me, so I will be writing an in-house Microsoft Playwright script for this task.

leelalagudu commented on June 12, 2024

@allquixotic as discussed 2 months ago (yep, sorry about the delayed update) - we are providing automated provisioning for identity sources that do not have SCIM support through #42. In favour of that issue, I'm closing the current one, as the team cannot do anything from a directory service API limitation point of view. Please do let us know if you would like us to tackle anything else regarding the current issue, and we will raise a new issue for that.

Thank you.

leelalagudu commented on June 12, 2024

That's some crafty workaround @allquixotic, glad you have it working now. Just to call this out again, we intend to provide both a generic SCIM converter i.e. middleware that would convert end point specific calls to SSO's SCIM API calls as well as prebuilt connectors as part of #42. For the first iteration, we intend to provide the middleware and managed AD connector, with Google Cloud as the second connector in our pipeline. While this would not be helping you with discovering stuff you have in directory service currently i.e. the limitation, it would however help you manage sync the changes from managed directory to SSO through SCIM. Given your in-depth expertise on this topic, we would appreciate any feedback you could provide us on #42 when this feature is released.

Thank you once again,
Leela
