AWS Control Tower SCIM

I’m looking to set up AWS Control Tower SCIM. I’ve followed the outline from AWS, everything is working except for the push groups. So the group shows up in AWS after pushing and states it was created via SCIM, but still shows an error and won’t provision users.

Any thoughts?

Error:
Changes to the Group push mapping for the group awsssoPowerUsers could not take effect due to error: Error while creating user group awsssoPowerUsers: Exception in deserializing the Group Json String. Error message=Resource 'Group' is malformed: 'urn:scim:schemas:core:1.0' must be declared in the schemas attribute., json string={"id":"14b854c8-00d1-706e-055b-728557f8828a","meta":{"resourceType":"Group","created":"2024-05-10T18:24:17Z","lastModified":"2024-05-10T18:24:17Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName":"awsssoPowerUsers","members":}, uri=null

FAILURE:

This question seems to have schemas mixed between SCIM V1.1 and SCIM V2.0.

Based on the doc I see here from AWS, they could be expecting V2.0. Make sure to pick the same SCIM versions in Okta and AWS and let us know if that solves your issue.

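The version mismatch discussed in this thread can be checked before a push by inspecting the `schemas` attribute of the resource. The following is an added example, not part of the original posts and not Okta or AWS code; the function names and the sample group JSON are constructed for illustration, and the only values taken from the thread are the two schema URNs in the error message.

```python
import json

SCIM1_CORE = "urn:scim:schemas:core:1.0"                  # SCIM 1.x core schema URN
SCIM2_PREFIX = "urn:ietf:params:scim:schemas:core:2.0:"   # SCIM 2.0 core prefix (User, Group, ...)

# Constructed sample modelled on the error in the thread (id is made up, members omitted).
SAMPLE_V2_GROUP = json.dumps({
    "id": "00000000-0000-0000-0000-000000000000",
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "displayName": "awsssoPowerUsers",
})

def scim_versions(resource):
    """Return the set of SCIM core versions declared in the schemas attribute."""
    schemas = resource.get("schemas")
    if not isinstance(schemas, list):
        return set()
    found = set()
    for urn in schemas:
        if not isinstance(urn, str):
            continue
        u = urn.lower()  # compare URNs case-insensitively
        if u == SCIM1_CORE:
            found.add("1.x")
        elif u.startswith(SCIM2_PREFIX):
            found.add("2.0")
    return found

def check_resource(raw_json, expected):
    """Compare the SCIM version a resource declares with the one the consumer expects."""
    try:
        resource = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return f"invalid JSON: {exc.msg}"
    if not isinstance(resource, dict):
        return "not a SCIM resource object"
    declared = scim_versions(resource)
    if not declared:
        return "no SCIM core schema declared"
    if declared == {expected}:
        return "ok"
    return f"version mismatch: resource declares {sorted(declared)}, consumer expects {expected}"

if __name__ == "__main__":
    # A consumer configured for SCIM 1.x rejects a 2.0 Group, as in the error above.
    print(check_resource(SAMPLE_V2_GROUP, "1.x"))
    print(check_resource(SAMPLE_V2_GROUP, "2.0"))
```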