Skip to main content
Please ensure you’ve completed the previous steps:

Introduction

While Fjall can be used without SSO, we recommend configuring it to improve both ease of use and security. The good news is our Organisation stack has already done most of the heavy lifting, but there are a few pieces we’ll need to configure manually.
💡 Note:
If you prefer not to configure SSO but still want the benefits of maintaining user permissions and access controls, skip to our Managing Users and Permissions section.

Configuring SSO

1. Configure Your Identity Provider

Follow the appropriate guide for your IdP: Once setup is complete, your users will be automatically provisioned into AWS.

2. Verify Provisioned Users

  1. Log in to the AWS Console
  2. In the top-left search bar, type IAM Identity Center and click the first result
IAM Identity Center
  1. Navigate to Users in the left navigation pane
Users Sidebar
  1. You should see your users listed
    • Check that Status is Enabled
    • Check that Created by shows SCIM
SCIM Enabled

Managing Users and Permissions

Create a New User

Run the following command to create a new user, and follow the prompts. 
fjall user create
Example: 
fjall user create

--- Creating user in AWS IAM Identity Center ---

 Username: example@email.com
 Email: example@email.com
 First Name: John
 Last Name: Smith
 AWS credentials set successfully
 Successfully created user example@email.com
User ID: d478b468-3001-705f-d1f8-277c1ae3c9a8
Display Name: John Smith
New users must reset their password using:
Reset IAM Password

Associate User with a Group

🧠 Default groups created by Fjall:
  • AdministratorAccess
  • ReadOnly
  • Billing
You can also create custom groups using the Group construct. 
fjall user add <username> <groupname>
Example: 
fjall user add example@email.com AdministratorAccess

--- Adding user example@email.com to group AdministratorAccess ---

 AWS credentials set successfully
 User and group found
 Successfully added user example@email.com to group AdministratorAccess
Membership ID: 64486498-2021-7047-1877-b3921ceb787b

Disassociate User from a Group

fjall user remove <username> <groupname>
Example: 
fjall user remove example@email.com AdministratorAccess

--- Removing user example@email.com from group AdministratorAccess ---

 AWS credentials set successfully
 User and group found
 Group membership found
 Successfully removed user example@email.com from group AdministratorAccess

Delete a User

Run the following command and confirm the prompt: 
fjall user delete <username>
Example: 
fjall user delete example@email.com

--- Deleting user example@email.com from AWS IAM Identity Center ---

 Are you sure you want to delete user example@email.com? yes
 AWS credentials set successfully
 User found
 Successfully deleted user example@email.com

View All Users

fjall users list
Example: 
fjall user list

--- Listing users from AWS IAM Identity Center ---

 AWS credentials set successfully
 Found 1 user(s)

Users:
- example@email.com (John Smith)