19 changes: 18 additions & 1 deletion src/content/docs/aws/enterprise/sso/index.md
Expand Up @@ -218,6 +218,23 @@ After configuring the base details for your Identity Provider (IdP), the followi

![Callback URL, Sign Up Portal URL, and Identifier (Entity Id)](/images/aws/additional-information-page.png)

## Strict SSO Mode

Strict SSO Mode is an optional security enhancement that requires all members of your organization to authenticate exclusively through the configured Identity Provider (IdP). Once enabled, standard username/password login is disabled for your organization and the configured IdP becomes the only permitted way to sign in.

This provides two key security benefits:

- **Leaked credential protection**: Even if a user's LocalStack password is compromised, attackers cannot log in without going through your IdP.
- **Revocation enforcement**: When an employee's account is removed or suspended in your IdP, they immediately lose access to LocalStack.

### Enabling Strict SSO Mode

To enable strict mode, open the identity provider configuration in your LocalStack Web Application profile settings under **Single Sign-on**, and toggle the **Enable Strict SSO Mode** checkbox in the identity provider settings.

:::caution
Before enabling strict mode, ensure all team members have linked their accounts to the configured Identity Provider. Once strict mode is active, any user who has not completed SSO setup will be unable to sign in via password.
:::

## User Roles and Permissions

For each new member that joins your org, you can specify user roles and permissions that should be assigned to them.
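Review bot: the "Revocation enforcement" bullet overstates what the rest of the section supports. "They immediately lose access to LocalStack" is only true if active web sessions and any already-issued credentials (the page elsewhere mentions legacy API keys) are invalidated when the IdP deprovisions the user; strict mode as described only blocks new password logins. Suggest qualifying it, e.g. "they can no longer sign in to LocalStack; existing sessions end when they expire" (or state explicitly that sessions are revoked, if that is the actual behaviour). The `:::caution` block would also benefit from one sentence on the recovery path if the IdP itself becomes unavailable or misconfigured after strict mode is on, since the text says password login is disabled for everyone, including admins.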
Expand All @@ -227,4 +244,4 @@ For each new member that joins your org, you can specify user roles and permissi
- Tip: In order to enable self-serve licences (i.e., allowing your users to allocate themselves their own license), make sure to select the **Allow member to issue a license for themselves (or a legacy API key)** permission.


![User Roles and Permissions](/images/aws/roles-permissions.png)
![User Roles and Permissions](/images/aws/roles-permissions.png)
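Review bot: the removed and re-added image line are textually identical, so this hunk is a whitespace-only change (most likely adding the missing trailing newline) with no effect on the rendered docs; fine to merge. While this file is being touched, the unchanged tip line above mixes "licences" and "license" in the same sentence; picking one spelling would be a cheap follow-up.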