This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Following the instructions in the AWS blog post entitled "The Next Evolution in AWS Single Sign-On", I have created an Enterprise Application in Azure Active Directory and changed the identity source in AWS SSO to be Azure AD. As an initial test, I configured AWS SSO provisioning to "manual" and created a user in AWS SSO with a "Username" that matches my Azure AD "Unique User Identifier". I was able to log into the AWS console successfully. When I tested sign on using "Test this application" in Azure AD it worked as expected and I was successfully logged into AWS with the option to choose an account and role to assume.
The problem is that I cannot get automatic user provisioning to work.
objectId Azure Active Directory attribute and the externalId customappsso attribute. Azure AD always says "Initial cycle not run". The Azure SSO Users and Groups pages are both empty, but I am expecting to see three users and one group.
What could be wrong?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Try deleting and re-adding the Enterprise Application.
I would also try following the Microsoft tutorial. https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/amazon-web-service-tutorial