Skip to main content
Please ensure you’ve completed the previous steps:

Introduction

While Fjall can be used without SSO, we recommend configuring it to improve both ease of use and security. The good news is our Organisation stack has already done most of the heavy lifting, but there are a few pieces we’ll need to configure manually.
💡 Note:
If you prefer not to configure SSO but still want the benefits of maintaining user permissions and access controls, skip to our Managing Users and Permissions section.

Configuring SSO

1. Configure Your Identity Provider

Follow the appropriate guide for your IdP: Once setup is complete, your users will be automatically provisioned into AWS.

2. Verify Provisioned Users

  1. Log in to the AWS Console
  2. In the top-left search bar, type IAM Identity Center and click the first result
IAM Identity Center
  1. Navigate to Users in the left navigation pane
Users Sidebar
  1. You should see your users listed
    • Check that Status is Enabled
    • Check that Created by shows SCIM
SCIM Enabled

Managing Users and Permissions

Create a New User

Run the following command to create a new user, and follow the prompts. 
fjall user create
Example: 
fjall user create

--- Creating user in AWS IAM Identity Center ---

 Username: [email protected]
 Email: [email protected]
 First Name: John
 Last Name: Smith
 AWS credentials set successfully
 Successfully created user [email protected]
User ID: d478b468-3001-705f-d1f8-277c1ae3c9a8
Display Name: John Smith
New users must reset their password using:
Reset IAM Password

Associate User with a Group

🧠 Default groups created by Fjall:
  • AdministratorAccess
  • ReadOnly
  • Billing
You can also create custom groups using the Group construct. 
fjall user add <username> <groupname>
Example: 
fjall user add [email protected] AdministratorAccess

--- Adding user [email protected] to group AdministratorAccess ---

 AWS credentials set successfully
 User and group found
 Successfully added user [email protected] to group AdministratorAccess
Membership ID: 64486498-2021-7047-1877-b3921ceb787b

Disassociate User from a Group

fjall user remove <username> <groupname>
Example: 
fjall user remove [email protected] AdministratorAccess

--- Removing user [email protected] from group AdministratorAccess ---

 AWS credentials set successfully
 User and group found
 Group membership found
 Successfully removed user [email protected] from group AdministratorAccess

Delete a User

Run the following command and confirm the prompt: 
fjall user delete <username>
Example: 
fjall user delete [email protected]

--- Deleting user [email protected] from AWS IAM Identity Center ---

 Are you sure you want to delete user [email protected]? yes
 AWS credentials set successfully
 User found
 Successfully deleted user [email protected]

View All Users

fjall users list
Example: 
fjall user list

--- Listing users from AWS IAM Identity Center ---

 AWS credentials set successfully
 Found 1 user(s)

Users:
- [email protected] (John Smith)