Hello. By any chance, has anyone here configured ...
# general
p
Hello. By any chance, has anyone here configured Pulumi authentication with AWS SSO? We are having an error “Request nameID format does not match our record”, no luck so far.
@gentle-diamond-70147 Help? 🙂
g
Yep, pinging someone to come help. I have to run to our webinar. 🙂
p
Oh, thanks!
c
Hi Fernando
I’ll PM you
It turns out that things were configured correctly. Fernando followed our Okta guide to set up SSO with AWS. Setting the Relay State URL to the Pulumi ACS base URL allowed him to perform an SSO from AWS to Pulumi successfully. As for the ACS base URL: if, say, your org login name is myorg, then it would be <https://api.pulumi.com/login/myorg/sso>. The relay state URL allows SSO users to click on the application tile from AWS’ SSO applications page to be directly taken to Pulumi Console without having to type the org name again on Pulumi.
c
Nice! Thanks for handling. Are there any updates or clarifications we should make to our Okta doc?
p
@clever-sunset-76585 I just moved that URL to the Application start url configuration, it works fine.
c
Great! Thanks for confirming. So the issue was that the Application Start URL Fernando used before was of the wrong format.
p
Maybe it would be cool to have it in the docs. Maybe one section for a more generic configuration.
c
Yes. I will add it. Okta doesn’t have an Application Start URL, but GSuite does, which is actually sort of like a Relay State. In any case, I’ll add some docs around this.