Wish:
When making updates to user roles via Terraform, entitlement mapping updates would happen automagically.
Problem:
AWS app is configured to assign permissions via "map from onelogin" with match: "AWS - (.*)"
When a user is assigned the "AWS - FOO" role in OneLogin, you then need to click "Reapply Entitlement Mappings" for the SCIM to trigger and create the matching group in AWS SSO.
Our use case is creating the roles named "AWS - FOO" in OneLogin via Terraform (this works great), then using the AWS Terraform provider to attach a permission set to the SSO group.
This action fails as nothing triggers the "Reapply Entitlement Mappings" action from the Terraform file, and thus never populates AWS for us to perform a match.
If there is an API endpoint for the reapply, I have not been able to find it, or I'd trigger the call via local-exec and be unblocked.
Wish: When making updates to user roles via Terraform, entitlement mapping updates would happen automagically.
Let me know what other detail I can provide.
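The two halves of the setup described in the post, in one Terraform configuration, as an added example (not code from the original post or from either provider's documentation). It assumes the onelogin/onelogin provider's `onelogin_roles` resource with `name` and `apps` arguments, the two placeholder variables, and `ReadOnlyAccess` as a stand-in managed policy; the AWS resources and data sources are the ones from the hashicorp/aws provider. The comment on the `aws_identitystore_group` lookup marks the exact point where the plan fails until the SCIM group exists.

```hcl
# Added example (not from the original post): the OneLogin-side role and the
# AWS-side lookup/assignment described above, in one Terraform configuration.
# Assumed: the onelogin/onelogin provider's "onelogin_roles" resource and its
# "name"/"apps" arguments, and the placeholder variables below.

variable "onelogin_aws_app_id" {
  description = "Assumed: ID of the AWS app in OneLogin whose entitlement mapping matches \"AWS - (.*)\""
  type        = number
}

variable "target_account_id" {
  description = "Assumed: AWS account the permission set is assigned in"
  type        = string
}

locals {
  # The role name must match the app's "map from OneLogin" regex "AWS - (.*)".
  role_name = "AWS - FOO"
}

# 1. Role in OneLogin. Creating it works; it pushes nothing to AWS by itself.
resource "onelogin_roles" "foo" {
  name = local.role_name
  apps = [var.onelogin_aws_app_id]
}

data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}

# 2. Lookup of the SCIM-provisioned group. This is the step that fails until
# "Reapply Entitlement Mappings" has run: the data source is read at plan time
# and errors with "no group found" while the group does not exist yet.
# depends_on does not help, because the missing dependency is the OneLogin-side
# SCIM push, not a Terraform-managed resource.
data "aws_identitystore_group" "foo" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = local.role_name
    }
  }

  depends_on = [onelogin_roles.foo]
}

resource "aws_ssoadmin_permission_set" "foo" {
  name         = "FOO"
  instance_arn = local.instance_arn
}

# Assumed policy; any managed policy or inline policy works the same way here.
resource "aws_ssoadmin_managed_policy_attachment" "foo" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.foo.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# 3. Attach the permission set to the group in the target account.
resource "aws_ssoadmin_account_assignment" "foo" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.foo.arn
  principal_id       = data.aws_identitystore_group.foo.group_id
  principal_type     = "GROUP"
  target_id          = var.target_account_id
  target_type        = "AWS_ACCOUNT"
}
```

Until something triggers the reapply, this has to be applied in two passes: `terraform apply -target=onelogin_roles.foo`, the manual "Reapply Entitlement Mappings" click in the OneLogin UI, and then a full `terraform apply` once the "AWS - FOO" group is visible in the identity store. Keeping the lookup keyed on `local.role_name` means a typo in the OneLogin role name surfaces as a plan-time "no group found" error rather than as a permission set silently attached to the wrong group.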