AWS Single Sign-On (SSO) now synchronizes groups, in addition to user information, for customers who use Microsoft Active Directory (AD) as their identity source. You can now manage your users and groups in AD, and AWS SSO’s AD sync will ensure that this information is accessible to you in a consistent manner within AWS accounts and applications. You will be able to access AD users and groups from AWS SSO-integrated applications and use them for improved collaborative experiences like searching and sharing, and fine-grained access control to application resources like dashboards. Any changes you make to user and group information in AD will automatically reflect in AWS SSO, reducing your administrative effort to manage identities in AWS.
Source:: Amazon AWS