AWS IAM Identity Center Provisioning Error: "List attribute addresses exceeds allowed limit of 1"
Feb 28, 2025
Okta Classic Engine
Okta Identity Engine
Okta Integration Network
Overview
The AWS IAM Identity Center provisioning flow fails with the following error visible on the Okta Dashboard.
Push user's profile to external application
FAILURE: Bad Request. Errors reported by remote server: List attribute addresses exceeds allowed limit of 1
NOTE: The same error can be returned for attributes such as email or phone number.
Applies To
- AWS IAM Identity Center
- Provisioning
- Task Error
Cause
More than one value for a single attribute (also known as “multi-value attributes”) is being sent for a user.
For example, the user may have both a work and a home phone number as part of their Okta user profile or multiple emails or physical addresses, and Okta is configured to try to synchronize multiple or all values for that attribute.
Solution
There are two possible solutions to resolve the error:
- Go to Directory > Profile Editor > AWS IAM Identity Center User > Mappings > Update the mappings to send only a single value for a given attribute.
- Under Directory > Profile Editor > AWS IAM Identity Center User > Remove the additional attributes from the application schema.
