SSO Admin
Introduction
Section titled “Introduction”SSO Admin is a service provided by Amazon Web Services (AWS) that enables you to manage your AWS Single Sign-On (AWS SSO) resources. It allows you to create, update, and delete AWS SSO resources such as directories, groups, and users.
LocalStack provides a mock implementation of the SSO Admin API that allows you to create and manage your AWS SSO resources. The supported APIs are available on our API Coverage section, which provides information on the extent of SSO Admin’s integration with LocalStack.
Getting started
Section titled “Getting started”This guide is designed for users new to SSO Admin and assumes basic knowledge of the AWS CLI and our awslocal wrapper script.
Start your LocalStack container using your preferred method. We will demonstrate how to create a permission set, add tags to a permission set, and list permission sets.
Create a permission set
Section titled “Create a permission set”You can create a permission set using the CreatePermissionSet API.
awslocal sso-admin create-permission-set \ --name my-permission-set \ --description "My permission set" \ --instance-arn arn:aws:sso:::instance/d-1234567890 \ --tags Key=Name,Value=my-permission-set{ "PermissionSet": { "CreatedDate": "2025-07-02T12:15:33.352631+05:30", "Description": "My permission set", "Name": "my-permission-set", "PermissionSetArn": "arn:aws:sso:::instance/d-1234567890/ps-lm0rshcjz3tikab8", "SessionDuration": 3600 }}List permission sets
Section titled “List permission sets”You can list permission sets using the ListPermissionSets API.
awslocal sso-admin list-permission-sets --instance-arn arn:aws:sso:::instance/d-1234567890{ "PermissionSets": [ "arn:aws:sso:::instance/d-1234567890/ps-lm0rshcjz3tikab8" ]}List tags for a permission set
Section titled “List tags for a permission set”You can list tags for a permission set using the ListTagsForResource API.
awslocal sso-admin list-tags-for-resource --resource-arn arn:aws:sso:::instance/d-1234567890/ps-lm0rshcjz3tikab8 --instance-arn arn:aws:sso:::instance/d-1234567890{ "Tags": [ { "Key": "Name", "Value": "my-permission-set" } ]}API Coverage
Section titled “API Coverage”| Operation ▲ | Implemented | Image |
|---|