UserGroupResolutionConfiguration
Provides the configuration information to fetch access levels of groups and users from an AWS Single Sign-On identity source. This is useful for setting up user context filtering, where Amazon Kendra filters search results for different users based on their group's access to documents. You can also map your users to their groups for user context filtering using the PutPrincipalMapping API.
To set up an AWS SSO identity source in the console to use with Amazon Kendra, see Getting started with an AWS SSO identity source. You must also grant the required permissions to use AWS SSO with Amazon Kendra. For more information, see IAM roles for AWS SSO.
Amazon Kendra currently does not support using UserGroupResolutionConfiguration
with an AWS organization member account for your AWS SSO
identify source. You must create your index in the management account for the organization
in order to use UserGroupResolutionConfiguration
.
Contents
- UserGroupResolutionMode
-
The identity store provider (mode) you want to use to fetch access levels of groups and users. AWS Single Sign-On is currently the only available mode. Your users and groups must exist in an AWS SSO identity source in order to use this mode.
Type: String
Valid Values:
AWS_SSO | NONE
Required: Yes
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: