AWS SSO in a DevOps first world
Plaid, a financial technology company, has implemented AWS Single Sign-On (SSO) as part of its DevOps strategy. The company previously used Okta's SAML federation for user identity management but switched to AWS SSO due to limitations in the older solution. However, they faced challenges with the new system, such as support for temporary CLI/API access and compatibility issues with advanced MFA protection controls. To overcome these obstacles, Plaid developed an unconventional approach using Terraform modules and custom tools like megabin and a Chrome extension to automate the login workflow and enable seamless user access management. The company's experience highlights the benefits of integrating AWS SSO with existing DevOps tools, incorporating troubleshooting and support scenarios in automation, and having backup options for unforeseen issues.
Company: Plaid
Date published: July 25, 2022
Author(s): Ashish Kurmi
Word count: 1745
Language: English
Hacker News points: None found.