
qfskf (qfskf) asked a question.
Hi,
We've successfully integrated the AWS IAM Identity Center app in our Okta org - both SAML and SCIM.
When we enabled the API Integration in the provisioning tab, we left the "Import Groups" setting checked.
We have a few groups in IAM Identity Center with users populated to them, but I don't see those users appear in Okta, nor can I edit the group membership.
I also can't use those imported-from-AWS groups in the Push Groups mechanism.
What am I missing here? Why would I want to import groups from AWS if there's no functionality there?
What would be the best practice then? To create groups in Okta with the same names as in IAM Identity Center and assign users to them, and then sync via Push Groups?
I hope I was able to explain myself.
Thanks,
Elior.

Hi @qfskf (qfskf), Thank you for reaching out to the Okta Community!
The "import groups" feature would be required for the Push Group functionality.
Reviewing the available documentation, I'm not seeing any evidence of app group membership import being supported though, but then again... there's nothing that conclusively indicates that it's not supported.
I checked with one of my colleagues who happened to have a test environment for this and they didn't get the membership either.
Based on the fact that the provisioning part is "partner-built", I would recommend reaching out to their support for confirmation.
The only thing I know for sure is that "Once you configure Okta as your IdP on IAM Identity Center you are not able to create groups on the AWS side manually.", so the Push Group approach you mentioned would be recommended.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!