VERSION: Doesn't matter, this behavior is stated in documentation.
I've recently completed a successful integration of the following...
- My organization's Identity Provider of choice (I won't be sharing that publicly)
  - with user/group provisioning
- AWS Identity Center
  - receiving user/group provisioning
- Identity Center application integration to PCluster UI
And I discovered at the very end of the process that there is a manual step that must be performed every "first-time" login for a user attempting to log in to PCluster UI.
EXISTING BEHAVIOR: You can see this manual step called out in this doc: https://docs.aws.amazon.com/parallelcluster/latest/ug/tutorials_10_pcui-aws-ic-integration-v3.html (see sub-section heading "Make your user an administrator" of section "Adding your Application to IAM Identity Center").
There you can see that a user must have another user assign them "Admin" before being able to do anything with the UI. Despite the care taken higher up the chain to use the advanced features of IDP and Identity Center to automatically place a user in a group, I still need to have a manual process in my org to allow the user to do anything.
DESIRED BEHAVIOR: A user that signs in through the IdentityCenter integration should not have to require another user to add them as an admin. They should be able to use the PCluster UI as soon as they complete sign in with IDP and are returned to the SP site.