A permission configuration is a configuration template that Identity Center users use to access accounts. It contains predefined Cloud Access Management (CAM) policies; custom policies are not currently supported. You can use this template to authorize Identity Center users on the account.
First Deployment of Permission Configuration
When you set permissions for users or user groups on the account, you need to specify a permission configuration. If no other users or user groups have been deployed with a permission configuration on that account, the Identity Center will deploy a permission configuration in the account's CAM for you. The deployment in CAM includes the following:
Create a CAM role of type Identity Center synchronization.
On the CAM role, bind the system policy specified in permission configuration. Custom policies are not currently supported.
If no authorizations have been made on the account, create an identity provider, allowing Identity Center users to use role single sign-on (SSO) to log in to the account.
You can view the aforementioned CAM role and identity provider in the CAM console of the account, but you cannot modify or delete them.
Redeploying Permission Configuration
If a permission configuration has already been deployed to an account and the permission configuration is later changed, the changes are not automatically applied to the account. You need to manually redeploy (add or delete system policies) for the changes to take effect.