Posted On: Apr 14, 2022
If you use Microsoft Active Directory (AD) as your identity source with AWS Single Sign-On (AWS SSO), you can now configure your list of users and groups to synchronize from AD into AWS SSO and pause synchronization. With configurable synchronization, you can synchronize users and groups consistent with your data sovereignty requirements. You can also pause synchronization when necessary and synchronize during desired hours.
Previously, all your AD identities were available for AWS SSO assignments. Now you can limit which of your AD identities are available for assignment by specifying which users and groups to synchronize from AD into AWS SSO. Additionally, you now can synchronize and assign access to nested groups through the parent group, which means you can manage what is synchronized by controlling group membership in AD.
AWS SSO is available at no additional cost. Use AWS SSO to connect your AD to AWS once, and centrally manage your AD users' access to applications and your AWS accounts. Configurable synchronization for AWS SSO is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm) and South America (Sao Paulo) regions. To learn more about AWS SSO or the synchronization process, see the AWS Single Sign-On User Guide or the documentation about connecting to your AD directory.