Feature request for resource "aws-sso-scim_user" #7
I just tested the provider and it works great for creating groups and assigning group members, however it would be great to also have the ability to create users with it.
Is there something planned in that direction?
Comments
Hello @wernerwws, thanks for testing the provider! Great to hear that it works great. We currently did not need the functionality of creating users, but I will take a look into enabling those features as well. Totally makes sense.
Hello @wernerwws, the current feature branch (feature/7-aws-sso-scim_user, #8) contains a minimal implementation to create users, but I would like to spend more time on making it a feature complete (with the remaining attributes) resource. Is there any time requirement from your side? If so I can cut a release with that minimal implementation first.
I also need this feature, just to create SSO user. Thank you a lot for spending time on it @JanKoppe
Hi @JanKoppe, it is not urgent on my side. Thank you for your work! Best Werner
Hi @JanKoppe, can you cut a release with minimal implementation please?
Hello @quanght55, I've just released v0.3.1, which includes the current state of the
Hello, I just tried the
@manospasj I also use it with Gsuite and providing the email as the
Thanks @wernerwws, the email is required in the AWS console and I assumed it was needed for GSuite as well. I will try just with the user_name as you suggested
Hey! Sorry for not responding earlier, actually starting a 2-week vacation right now. I saw your PR already, that's really great to see. Let's try and get that in, I think I can spend a bit of time on that to get you up and running, despite my vacation.
Thanks for that! I appreciate it! I can now confirm that the
I've used this provider to sync across my Google Workspace users and groups to AWS SSO, but I'm still having some issues with the SAML IdP flow - can anyone confirm whether the userName and active flag are the only necessary fields to set for this (along with the required name fields)? Perhaps someone has written a blog post? I've tried manually populating some fields but with no success. Oddly enough, the SP flow seems to work properly.
SP flow will likely work automatically due to JIT provisioning of new users in AWS SSO. Google Workspace apparently does not support SCIM for generic SAML SPs (quick search only, I might be wrong), so you're probably in a bit of a pickle here: you first need to have all users available, before you can use this provider to do the group management via SCIM (which is the exact use case this provider was developed for). I've never actually tried creating full users with this provider that are correctly mapped to external users. SCIM has an additional property called Do you maybe have a minimal terraform code example & error message to further look at the issue you have?
Hi @JanKoppe, thanks for looking into this. Having played around with the SCIM API directly, I found that the issue wasn't with the user data at all, but with the SAML configuration (the start URL needed to be blank). I now have a fully working Google Workspace-to-AWS SSO user and group sync with Terraform, so thanks for your part in that. If I write up a blog about it I shall post it here.
Nice to hear! Yes, if you put this in a blog post a link here would be very nice :) Happy that this works for you.