Fixing AWS SSO if you accidentally deleted SSO identity provider
May 16, 2022
In this short tutorial we will go through what to do if you accidentally deleted the AWSSSO_asd123456678_DO_NO_DELETE
identity provider from an org account which is used by AWS SSO (take a look at our previous blog setting up AWS SSO with Google Workspace (opens in a new tab)).
Deleting the AWSSSO_1233424_DO_NOT_DELETE
identity provider will prevent you from accessing the account via the AWS SSO screen.
Regaining Access
-
If you deleted the identity provider in your root account where your AWS SSO (opens in a new tab) is managed you will need to login with the root account.
-
Once you are in the AWS SSO dashboard click AWS accounts
- Click on the account that you’ve deleted access to.
-
Remove access to all existing users and groups by clicking on them and then clicking on the “remove access” button.
-
Add all users back by clicking on the "assign users or groups" button
-
Voilà! now you should be back in business.