UserGroupResolutionConfiguration

Provides the configuration information to fetch access levels of groups and users from an AWS Single Sign-On identity source. This is useful for setting up user context filtering, where Amazon Kendra filters search results for different users based on their group's access to documents. You can also map your users to their groups for user context filtering using the PutPrincipalMapping API.

To set up an AWS SSO identity source in the console to use with Amazon Kendra, see Getting started with an AWS SSO identity source. You must also grant the required permissions to use AWS SSO with Amazon Kendra. For more information, see IAM roles for AWS SSO.

Amazon Kendra currently does not support using UserGroupResolutionConfiguration with an AWS organization member account for your AWS SSO identify source. You must create your index in the management account for the organization in order to use UserGroupResolutionConfiguration.

Contents

UserGroupResolutionMode

The identity store provider (mode) you want to use to fetch access levels of groups and users. AWS Single Sign-On is currently the only available mode. Your users and groups must exist in an AWS SSO identity source in order to use this mode.

Type: String

Valid Values: AWS_SSO | NONE

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for Ruby V3