question

SwathiDhanwada-MSFT asked ·

[MSDN Redirect] User provisioning from Azure AD to AWS will not start

Following the instructions in the AWS blog post entitled "The Next Evolution in AWS Single Sign-On", I have created an Enterprise Application in Azure Active Directory and changed the identity source in AWS SSO to be Azure AD. As an initial test, I configured AWS SSO provisioning to "manual" and created a user in AWS SSO with a "Username" that matches my Azure AD "Unique User Identifier". I was able to log into the AWS console successfully. When I tested sign on using "Test this application" in Azure AD it worked as expected and I was successfully logged into AWS with the option to choose an account and role to assume.


The problem is that I cannot get automatic user provisioning to work.

  • I enabled automatic provisioning in AWS SSO.

  • I enabled automatic provisioning in Azure AD.

  • I have one group assigned to the Azure AD Enterprise Application, containing three users.

  • As the blog post recommends, I created a mapping between the objectId Azure Active Directory attribute and the externalId customappsso attribute.

  • I've waited at least 40 minutes.

  • There are no entries in the Azure AD provisioning logs showing interaction between Azure AD and AWS.

  • The Azure AD audit log shows a success entry stating "Provisioning to enterprise application access was configured and started".

  • I tried "Clear current state and restart synchronization", but user provisioning still did not start. The audit log records this action as "Provisioning to access was restarted. We will revisit all users in your directory".

Azure AD always says "Initial cycle not run". The Azure SSO Users and Groups pages are both empty, but I am expecting to see three users and one group.

What could be wrong?

Source : https://social.msdn.microsoft.com/Forums/en-US/b5b6b14d-dcdc-4d30-86f5-35b25ca447ca/user-provisioning-from-azure-ad-to-aws-will-not-start?forum=windowsazuremanagement

azure-active-directory
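Because the question reports no provisioning-log entries at all, it helps to separate the two halves of the setup: does the AWS SSO SCIM endpoint accept the token and a filtered user lookup, and does the objectId to externalId mapping described in the bullet list actually show up on the AWS side? The script below is added example code, not from the question, the answer, Microsoft or AWS. It assumes a SCIM 2.0 endpoint and bearer token (placeholders here, taken from the AWS SSO automatic-provisioning settings in a real run), an assumed user name, and an assumed Azure AD objectId; the sample ListResponse it checks offline is constructed.

```python
"""Probe a SCIM 2.0 endpoint the way Azure AD's provisioning service would,
independently of Azure AD, to check endpoint, token and the externalId mapping.

Added example; the endpoint URL, token, user name and objectId below are placeholders."""
import json
import urllib.parse
import urllib.request

LIST_RESPONSE_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Placeholders: replace with the SCIM endpoint and access token from AWS SSO.
SCIM_ENDPOINT = "https://scim.example.invalid/tenant-id/scim/v2"  # placeholder
SCIM_TOKEN = "REPLACE_WITH_SCIM_ACCESS_TOKEN"  # placeholder

# Constructed sample of a SCIM ListResponse, as a correctly provisioned AWS SSO
# user would look when externalId carries the Azure AD objectId.
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_RESPONSE_SCHEMA],
    "totalResults": 1,
    "Resources": [{
        "id": "sample-id",
        "userName": "alice@example.com",                       # assumed user
        "externalId": "11111111-2222-3333-4444-555555555555",  # assumed objectId
    }],
})


def build_user_lookup_url(endpoint: str, user_name: str) -> str:
    """Return the GET /Users URL with a SCIM 'userName eq' filter, URL-encoded."""
    # Escape backslashes and embedded quotes so the filter stays a valid SCIM string literal.
    literal = user_name.replace("\\", "\\\\").replace('"', '\\"')
    scim_filter = 'userName eq "%s"' % literal
    return "%s/Users?%s" % (endpoint.rstrip("/"), urllib.parse.urlencode({"filter": scim_filter}))


def parse_list_response(body: str) -> dict:
    """Parse a SCIM ListResponse into {'total': int, 'users': [{'userName', 'externalId'}]}.

    Raises ValueError when the body is not a ListResponse (for example an HTML error page
    or a SCIM Error document), which is exactly the case a provisioning cycle would log."""
    data = json.loads(body)
    if LIST_RESPONSE_SCHEMA not in data.get("schemas", []):
        raise ValueError("not a SCIM ListResponse: schemas=%r" % data.get("schemas"))
    users = [
        {"userName": r.get("userName"), "externalId": r.get("externalId")}
        for r in data.get("Resources", [])
    ]
    return {"total": int(data.get("totalResults", len(users))), "users": users}


def check_external_id(parsed: dict, user_name: str, azure_object_id: str) -> str:
    """Classify a lookup result against the objectId -> externalId mapping."""
    matches = [u for u in parsed["users"] if u["userName"] == user_name]
    if not matches:
        return "absent"               # nothing created this user on the AWS side
    if matches[0]["externalId"] == azure_object_id:
        return "mapped"               # externalId carries the Azure AD objectId
    return "externalId-mismatch"      # user exists (e.g. created manually) but the mapping is off


def probe(endpoint: str, token: str, user_name: str, opener=urllib.request.urlopen) -> dict:
    """Issue the filtered GET /Users with the bearer token.

    An HTTP 401/403 here means the endpoint or token is wrong before Azure AD is involved;
    a 200 with a ListResponse means the SCIM side is reachable and the token is accepted."""
    req = urllib.request.Request(
        build_user_lookup_url(endpoint, user_name),
        headers={"Authorization": "Bearer " + token, "Accept": "application/scim+json"},
    )
    with opener(req, timeout=15) as resp:
        return parse_list_response(resp.read().decode("utf-8"))


def run_offline_demo() -> str:
    """Exercise the parser and mapping check on the constructed sample without any network."""
    parsed = parse_list_response(SAMPLE_LIST_RESPONSE)
    return check_external_id(parsed, "alice@example.com", "11111111-2222-3333-4444-555555555555")


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("offline demo:", run_offline_demo())
    else:
        result = probe(SCIM_ENDPOINT, SCIM_TOKEN, sys.argv[1])
        print(json.dumps(result, indent=2))
        if len(sys.argv) > 2:
            print(check_external_id(result, sys.argv[1], sys.argv[2]))
```

Run with no arguments for the offline demo, or as `python scim_probe.py <userName> [<azure objectId>]` after filling in the placeholders. If the probe returns a ListResponse but Azure AD still shows "Initial cycle not run" with an empty provisioning log, the endpoint and token are not the blocker and attention belongs on the Azure AD side of the configuration, which is what the answer below suggests re-creating.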

1 Answer

MarileeTurscak answered ·

Try deleting and re-adding the Enterprise Application.

I would also try following the Microsoft tutorial. https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/amazon-web-service-tutorial
