sso:PutApplicationAuthenticationMethod is a Write access-level action in the sso service. Grants permission to create/update an authentication method to an application
ARNs that sso:PutApplicationAuthenticationMethod can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants sso:PutApplicationAuthenticationMethod.
Filters access by the tags associated with the resource
Filters access by the account which creates the application. This condition key is not supported for customer managed SAML applications
Filters access by the primary region of the IAM Identity Center instance
To use sso:PutApplicationAuthenticationMethod you may also need to grant:
A minimal policy that allows sso:PutApplicationAuthenticationMethod. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSsoPutApplicationAuthenticationMethod",
"Effect": "Allow",
"Action": "sso:PutApplicationAuthenticationMethod",
"Resource": "*"
}
]
}