#general

plain-businessperson-30883

06/13/2019, 5:29 PM
Hello. By any chance, has anyone here configured Pulumi authentication with AWS SSO? We are having an error “Request nameID format does not match our record”, no luck so far.
@gentle-diamond-70147 Help? 🙂

gentle-diamond-70147

06/13/2019, 5:37 PM
Yep, pinging someone to come help. I have to run to our webinar. 🙂

plain-businessperson-30883

06/13/2019, 5:42 PM
Oh, thanks!

clever-sunset-76585

06/13/2019, 5:56 PM
Hi Fernando
I’ll PM you
It turns out that things were configured correctly. Fernando followed our Okta guide to set up SSO with AWS. Setting the Relay State URL to the Pulumi ACS base URL allowed him to perform an SSO from AWS to Pulumi successfully. If, say, your org login name is myorg, then the ACS base URL would be <https://api.pulumi.com/login/myorg/sso>. The relay state URL allows SSO users to click on the application tile from AWS’ SSO applications page to be directly taken to Pulumi Console without having to type the org name again on Pulumi.

chilly-crayon-57653

06/13/2019, 7:24 PM
Nice! Thanks for handling. Are there any updates or clarifications we should make to our Okta doc?

plain-businessperson-30883

06/13/2019, 8:21 PM
@clever-sunset-76585 I just moved that URL to the Application start url configuration, it works fine.

clever-sunset-76585

06/13/2019, 8:46 PM
Great! Thanks for confirming. So the issue was that the Application Start URL Fernando used before was of the wrong format.

plain-businessperson-30883

06/13/2019, 9:03 PM
Maybe it would be cool to have it in the docs. Maybe one section for a more generic configuration.

clever-sunset-76585

06/13/2019, 9:40 PM
Yes. I will add it. Okta doesn’t have an Application Start URL, but GSuite does, which is actually sort of like a Relay State. In any case, I’ll add some docs around this.