AWS Single Sign-On
User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

AWS SSO Region Availability

AWS SSO is available in several commonly used AWS Regions. This availability makes it easier for you to configure user access to multiple AWS accounts and business applications. When your users sign in to the user portal, they can select the AWS account that they have permission to. Then they can access the AWS Management Console. For a full list of the Regions that AWS SSO supports, see AWS Regions and Endpoints.

AWS SSO Region Data

When you first enable AWS SSO, all the data that you configure in AWS SSO is stored in the Region where you configured it. This data includes directory configurations, permission sets, application instances, and user assignments to AWS account applications. If you are using the AWS SSO directory, all users and groups that you create in AWS SSO are also stored in the same Region.

AWS Organizations only supports one AWS SSO Region at a time. If you want to make AWS SSO available in a different Region, you must first delete your current AWS SSO configuration. Switching to a different Region also changes the URL for the user portal.

Delete Your AWS SSO Configuration

When an AWS SSO configuration is deleted, all the data in that configuration is deleted and cannot be recovered. The following table describes what data is deleted based on the directory type that you have currently configured in AWS SSO.

What data gets deleted

Connected directory

(AWS Managed Microsoft AD or AD Connector)

AWS SSO directory

All permission sets you have configured for AWS accounts

X X

All applications you have configured in AWS SSO

X X
All user assignments you have configured for AWS accounts and applications X X
All users and groups in the directory N/A X

Use the following procedure when you need to delete your current AWS SSO configuration.

To delete your AWS SSO configuration

  1. Open the AWS SSO console.

  2. In the left navigation pane, choose Settings.

  3. On the Settings page, under Delete AWS SSO configuration, choose Delete AWS SSO.

  4. On the Delete AWS SSO configuration page, select each of the check boxes to acknowledge you understand the data that will be deleted. Type DELETE in the text box, and then choose Delete AWS SSO.