Table of Contents

AWS Single Sign-On ABAC

Prerequisites / Assumptions

IdP

IdP with SCIM

IdP without SCIM

AWS SSO

AWS SSO Optional

If you need a user attribute as a principal tag and can't update the IdP to pass the attribute as an access control attribute, you can add the key-value mapping to the Attributes for access control. For this to work, the attribute value must be shown in the AWS SSO user's information.

Key         Value
Username    ${path:userName}
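
Once the Username key is mapped, it is available to permission set policies as the condition key aws:PrincipalTag/Username. The policy below is an added example, not part of the original page: it scopes each user to their own S3 prefix, and the bucket name example-abac-bucket and the home/ prefix layout are placeholders assumed for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOwnPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-abac-bucket",
      "Condition": {
        "StringLike": {
          "s3:prefix": "home/${aws:PrincipalTag/Username}/*"
        }
      }
    },
    {
      "Sid": "ReadWriteOwnPrefixOnly",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::example-abac-bucket/home/${aws:PrincipalTag/Username}/*"
    }
  ]
}
```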

Validate


Reference Links