
CloudQuery


Fixing AWS SSO if you accidentally deleted SSO identity provider

In this short tutorial we will go through what to do if you accidentally deleted the AWSSSO_asd123456678_DO_NOT_DELETE identity provider from an org account that is used by AWS SSO (take a look at our previous blog post on setting up AWS SSO with Google Workspace).
Deleting the AWSSSO_1233424_DO_NOT_DELETE identity provider will prevent you from accessing the account via the AWS SSO screen.

Regaining Access

  1. If you deleted the identity provider in your root account, where your AWS SSO is managed, you will need to log in with the root account.
  2. Once you are in the AWS SSO dashboard, click AWS accounts.
  3. Click on the account that you’ve deleted access to.
  4. Remove access for all existing users and groups by clicking on them and then clicking on the “remove access” button.
  5. Add all users back by clicking on the "assign users or groups" button.
  6. Voilà! Now you should be back in business.
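
The same remove-and-re-add procedure can be scripted, shown here as an added example that is not CloudQuery's code. It assumes boto3 `sso-admin` and `iam` clients passed in by the caller (the first with credentials in the account that manages AWS SSO, the second in the affected account), plus the instance ARN and account ID; it snapshots the assignments before removing anything so every user and group can be added back.

```python
import re
import time

# Name pattern of the IAM SAML provider that AWS SSO manages in an account.
SSO_PROVIDER = re.compile(r":saml-provider/AWSSSO_[^/]+_DO_NOT_DELETE$")

def sso_provider_present(iam):
    """True if the account still has the SSO-managed SAML provider."""
    providers = iam.list_saml_providers()["SAMLProviderList"]
    return any(SSO_PROVIDER.search(p["Arn"]) for p in providers)

def _pages(call, key, **kwargs):
    """Follow NextToken pagination for an sso-admin list call."""
    while True:
        resp = call(**kwargs)
        yield from resp[key]
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]

def snapshot_assignments(sso, instance_arn, account_id):
    """Record every (permission set, principal) pair before anything is removed."""
    base = dict(InstanceArn=instance_arn, AccountId=account_id)
    snapshot = []
    for ps in _pages(sso.list_permission_sets_provisioned_to_account,
                     "PermissionSets", **base):
        for a in _pages(sso.list_account_assignments, "AccountAssignments",
                        PermissionSetArn=ps, **base):
            snapshot.append((ps, a["PrincipalType"], a["PrincipalId"]))
    return snapshot

def reassign(sso, instance_arn, account_id, snapshot, poll=2.0):
    """Remove every snapshotted assignment, then create each one again."""
    for verb, noun in (("delete", "Deletion"), ("create", "Creation")):
        change = getattr(sso, f"{verb}_account_assignment")
        describe = getattr(sso, f"describe_account_assignment_{noun.lower()}_status")
        key, id_param = f"AccountAssignment{noun}Status", f"AccountAssignment{noun}RequestId"
        for ps, ptype, pid in snapshot:
            status = change(InstanceArn=instance_arn, TargetId=account_id,
                            TargetType="AWS_ACCOUNT", PermissionSetArn=ps,
                            PrincipalType=ptype, PrincipalId=pid)[key]
            while status["Status"] == "IN_PROGRESS":  # changes are asynchronous
                time.sleep(poll)
                status = describe(InstanceArn=instance_arn,
                                  **{id_param: status["RequestId"]})[key]
            if status["Status"] != "SUCCEEDED":
                raise RuntimeError(status.get("FailureReason", f"{verb} failed"))
    return len(snapshot)
```

Keep the snapshot (for example, written to a file) until access through the AWS SSO screen is confirmed, since it is the only record of the assignments once they are removed.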
