Use this procedure to remove single sign-on access to an AWS account for one or more users and groups in your connected directory. Alternatively, you can use the delete-account-assignment AWS CLI.
Note
When you need to deprovision IAM Identity Center users or groups, you should first remove any assignments of permission sets from your users and groups before deleting the users and groups.
To remove user and group access to an AWS account
-
Open the IAM Identity Center console
. -
In the navigation pane, under Multi-account permissions, choose AWS accounts.
-
On the AWS accounts page, a tree view list of your organization appears. Select the name of the AWS account that contains the users and groups for whom you want to remove single sign-on access.
-
On the Overview page for the AWS account, under Assigned users and groups, select the name of one or more users or groups, and choose Remove access.
-
In the Remove access dialog box, confirm that the names of the users or groups are correct, and choose Remove access.
