Fixing AWS SSO if you accidentally deleted SSO identity provider

Tutorial: what to do if you accidentally deleted the *_DO_NOT_DELETE identity provider from an organization account that is used by AWS SSO

by Yevgeny Pats, May 16, 2022

In this short tutorial we go through what to do if you accidentally deleted the AWSSSO_asd123456678_DO_NOT_DELETE identity provider from an organization account that is used by AWS SSO (take a look at our previous blog post on setting up AWS SSO with Google Workspace).

Deleting the AWSSSO_1233424_DO_NOT_DELETE identity provider will prevent you from accessing the account via the AWS SSO screen: AWS SSO federates into the account through that SAML provider, and the roles it created there trust it, so once the provider is gone sign-in to that account fails.

[Screenshot: IAM identity providers]

Regaining Access

  1. If you deleted the identity provider in the root account where your AWS SSO is managed, you will need to log in with the root account.

  2. Once you are in the AWS SSO dashboard, click “AWS accounts”.

[Screenshot: IAM identity providers]

  3. Click on the account that you’ve deleted access to.

[Screenshot: AWS accounts / assigned users and groups]

  4. Remove access for all existing users and groups by selecting them and then clicking the “Remove access” button.

  5. Add all users and groups back by clicking the “Assign users or groups” button.

  6. Voilà! Now you should be back in business.
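The same recovery done with boto3, as an added example (not code from this post or from CloudQuery): provider_present checks whether the AWSSSO_*_DO_NOT_DELETE SAML provider is still in the broken account, and reprovision performs the “remove access” and “assign users or groups” steps above for every assignment, which is what makes AWS SSO re-create the provider and its roles. Assumed: an IAM client for the broken account, an sso-admin client for the management account, and the SSO instance ARN (from `aws sso-admin list-instances`); the provider id format in the regex is also an assumption.

```python
import re
import time

# AWS SSO names its managed provider AWSSSO_<id>_DO_NOT_DELETE (<id> format assumed).
PROVIDER_RE = re.compile(r"^AWSSSO_\w+_DO_NOT_DELETE$")

def provider_present(iam):
    """True if the account still has the SAML provider that AWS SSO manages."""
    arns = [p["Arn"] for p in iam.list_saml_providers()["SAMLProviderList"]]
    return any(PROVIDER_RE.match(arn.rsplit("/", 1)[-1]) for arn in arns)

def _paged(call, key, **kw):
    """Collect one result key across all NextToken pages of a list call."""
    items, token = [], None
    while True:
        resp = call(**kw, **({"NextToken": token} if token else {}))
        items += resp.get(key, [])
        token = resp.get("NextToken")
        if not token:
            return items

def list_assignments(sso, instance_arn, account_id):
    """All (permission set ARN, principal type, principal id) assigned to the account."""
    scope = dict(InstanceArn=instance_arn, AccountId=account_id)
    return [(ps, a["PrincipalType"], a["PrincipalId"])
            for ps in _paged(sso.list_permission_sets_provisioned_to_account, "PermissionSets", **scope)
            for a in _paged(sso.list_account_assignments, "AccountAssignments", PermissionSetArn=ps, **scope)]

def reprovision(sso, instance_arn, account_id, sleep=time.sleep):
    """The "remove access" and "assign users or groups" steps in code: remove every
    assignment, wait for each asynchronous deletion to finish, then add them all back
    so AWS SSO re-creates the provider and roles. Returns the assignments cycled."""
    assignments = list_assignments(sso, instance_arn, account_id)
    target = dict(InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT")
    for ps, ptype, pid in assignments:
        req = sso.delete_account_assignment(**target, PermissionSetArn=ps,
                                            PrincipalType=ptype, PrincipalId=pid)
        req_id = req["AccountAssignmentDeletionStatus"]["RequestId"]
        while sso.describe_account_assignment_deletion_status(
            InstanceArn=instance_arn, AccountAssignmentDeletionRequestId=req_id,
        )["AccountAssignmentDeletionStatus"]["Status"] == "IN_PROGRESS":
            sleep(2)  # deletions are asynchronous; re-creating too early conflicts
    for ps, ptype, pid in assignments:
        sso.create_account_assignment(**target, PermissionSetArn=ps,
                                      PrincipalType=ptype, PrincipalId=pid)
    return assignments
```

Real use is `provider_present(boto3.client("iam"))` against the broken account and, if it returns False, `reprovision(boto3.client("sso-admin"), instance_arn, account_id)` from the management account; the users keep their assignments, only the provisioning is redone.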

If you are looking for an open-source cloud asset inventory powered by SQL, check out our GitHub.

Also, feel free to join our Discord if you run into any bugs or issues, or just want to chat.
