Known issues

There are no known issues.

Known limitations

  • Groups
    • Before deleting a group, Amazon Web Services (AWS) requires you to remove all users from the group. Otherwise, an error will occur in the AWS API.
    • AWS does not allow a user to be a member of more than 10 groups.
  • Deprovisioning
    • AWS does not support disabled users. These users are deleted instead.
    • When an LDAP user is deleted in a targeted Group DN, the provisioning connector does not propagate the deletion until a new user is added to the group. This limitation is compounded when the User Create provisioning option is disabled. For solutions, see SaaS provisioning connector does not remove the user in the Knowledge Base.
  • When a user is created with a passwordResetRequired value other than true or TRUE, the provisioning connector sets the value to false in AWS.
  • Attributes
    • Due to limitations in PingFederate, user attributes cannot be cleared after they are set.
    • Due to limitations in PingFederate, the "Create only" attribute mapping option is not available for the UserName attribute.
  • In PingFederate 8.1 and earlier, when you configure a second SP connection with the provisioning connector, the second connection may be pre-populated with the channel from the first connection. To avoid conflicts, remove this pre-populated channel and create a unique channel for each connection.