awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0
530 stars 182 forks source link

Custom attributes not coming after user syncing #143

Closed jogindercc closed 8 months ago

jogindercc commented 1 year ago

Is your feature request related to a problem? Please describe. Not able to use ABAC(Attribute Based Access Control) for authorization custom permissions using conditions in policies.

Describe the solution you'd like Currently, the users getting synced with ssosync tool, we're not getting all of the Users' attributes. (Like: Department, Cost Center) etc. We're just getting the primary attributes like Username,Email, First Name, Last Name only. However, on Google account we have created all the user attributes. If we get this atrributes synced as well along with Users, We can leverage these attributes to have more fine grain control over access policies.

Additional context Below is the screenshot of User's attributes not coming on the AWS, after sso-sync.

image

ChrisPates commented 8 months ago

Apologies for the delay. So at the moment ssosync only populates a minimal set of attributes. I'll define a feature request #178, to expand this to include as many as possible.

ChrisPates commented 8 months ago

Closing this issues, as currently this is expected behavior. Please review the feature request issue and add anything you would specifically like to see included.