Understanding IAM Identity Center/AWS SSO Propagation Delay

Hey all! :smile: I’m rolling out IAM Identity Center/AWS SSO across my organization and have noticed that sometimes changes take a while to take effect. I can’t find any documentation of this propegation delay or how long it’s expected to take. Do y’all have a rule of thumb for this?

Which changes in particular?

The only latency I’ve experienced is in assigning Permission Sets to users/groups, I’ve found that having the user sign out/in will show the new Permission Sets immediately.

Adding users to groups is the thing I was seeing notable lag on

That’s strange. I’ve never seen that in ~2 years of using it w/ multiple orgs. May want to ask support about that.

Interesting! Thanks for the perspective. I’ll file a ticket

to both of you, are you using an external IdP with SCIM or are you creating users and groups directly in Identity Center?

I’m creating them directly

Same here - external IdP, but users created manually in ID Center and manually added to groups.

You need to refresh your IAM Identity Center access portal session to access new groups (ime), that might be what you’re observing? Basically +1 to Erik

If you’re on the CLI and using the new session config style, it might get updated when your refresh token is, uh, refreshed