Policy: AWSSSOMasterAccountAdministrator

ARN: arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator

Allowed Actions

| Actions | Services |
| --- | --- |
| access-analyzer:ValidatePolicy | access-analyzer |
| ds:AuthorizeApplication | ds |
| ds:CreateAlias | ds |
| ds:DescribeDirectories | ds |
| ds:DescribeTrusts | ds |
| ds:UnauthorizeApplication | ds |
| iam:CreateServiceLinkedRole | iam |
| iam:ListPolicies | iam |
| iam:PassRole | iam |
| identity-sync:DeleteSyncProfile | identity-sync |
| identitystore:* | identitystore |
| identitystore-auth:* | identitystore-auth |
| organizations:DeregisterDelegatedAdministrator | organizations |
| organizations:DescribeAccount | organizations |
| organizations:DescribeOrganization | organizations |
| organizations:EnableAWSServiceAccess | organizations |
| organizations:ListAccounts | organizations |
| organizations:ListAccountsForParent | organizations |
| organizations:ListChildren | organizations |
| organizations:ListDelegatedAdministrators | organizations |
| organizations:ListOrganizationalUnitsForParent | organizations |
| organizations:ListParents | organizations |
| organizations:ListRoots | organizations |
| organizations:RegisterDelegatedAdministrator | organizations |
| signin:CreateTrustedIdentityPropagationApplicationForConsole | signin |
| signin:ListTrustedIdentityPropagationApplicationsForConsole | signin |
| sso:* | sso |
| sso-directory:* | sso-directory |