Limits in AWS SSO

The following tables describe limits within AWS SSO. For information about limits that can be changed, see AWS Service Limits.

Application Limits

Resource	Default Limit
File size of service provider SAML certificates (in PEM format)	2 kb

AWS Account Limits

Resource	Default Limit
Maximum number of permission sets in AWS SSO	50
Number of permission sets allowed per AWS account	20
Number of references to AWS managed policies per permission set	10
Number of inline policies per permission set	1
Maximum size of inline policy per permission set	10,000 bytes
Number of IAM roles in the AWS account that can be repaired at a time *	1
Number of directories that you can have at a time	1

* Permission sets are provisioned in an AWS account as IAM roles. For more information, see Permission Sets.

Connected Directory Limits

Resource	Default Limit
Number of unique Active Directory groups that can be assigned *	50
Number of connected directories that you can have at a time	1

* Users within their Active Directory can belong to many directory groups. However within AWS SSO, they can have up to 50 of their Active Directory groups assigned for using applications.

AWS SSO Directory Limits

Resource	Default Limit
Maximum number of users supported in AWS SSO	500
Maximum number of groups supported in AWS SSO	100

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »