Disable Multi-party approval
When you sign in to your organization's management account, you can disable Multi-party approval by navigating to the Multi-party approval console and deleting the Multi-party approval identity source.
Delete an identity source
To delete an identity source, complete the following steps.
Minimum permissions
To delete an identity source, you need permission to run the following actions:
- kms:Decrypt
- mpa:DeleteIdentitySource
- sso:DeleteApplication
- sso:DescribeApplication
- sso:DescribeInstance
- sso:ListInstances
- sso:PutApplicationAccessScope
- sso:PutApplicationAssignmentConfiguration
- sso:PutApplicationAuthenticationMethod
- sso:PutApplicationGrant
If you are using the AWS Management Console, you also need permission to run the following actions:
- kms:Decrypt
- organizations:DescribeOrganization
- organizations:ListDelegatedAdministrators
- sso:DescribeInstance
- sso:GetSharedSsoConfiguration
- sso:ListInstances
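The following pre-flight check is an added example, not code from the original page or from AWS. It compares an identity-based policy document against the two action lists above and reports which required actions are missing or explicitly denied. The function names and the sample policy are constructed for illustration, and the check looks only at `Action` and `Effect`; it does not evaluate `Resource`, `Condition`, `NotAction`, service control policies, or permissions boundaries.

```python
import json
import re

# Action lists copied from the "Minimum permissions" section above.
API_ACTIONS = [
    "kms:Decrypt", "mpa:DeleteIdentitySource", "sso:DeleteApplication",
    "sso:DescribeApplication", "sso:DescribeInstance", "sso:ListInstances",
    "sso:PutApplicationAccessScope", "sso:PutApplicationAssignmentConfiguration",
    "sso:PutApplicationAuthenticationMethod", "sso:PutApplicationGrant",
]
CONSOLE_ACTIONS = [
    "kms:Decrypt", "organizations:DescribeOrganization",
    "organizations:ListDelegatedAdministrators", "sso:DescribeInstance",
    "sso:GetSharedSsoConfiguration", "sso:ListInstances",
]

# Constructed sample policy (not from the page): wildcards plus an explicit Deny.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action": [
     "kms:Decrypt", "mpa:DeleteIdentitySource", "sso:Describe*",
     "sso:ListInstances", "sso:PutApplication*"]},
  {"Effect": "Deny", "Resource": "*", "Action": "sso:PutApplicationGrant"}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action matching is case-insensitive; "*" and "?" are the only wildcards.
    for pattern in patterns:
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, action, re.IGNORECASE):
            return True
    return False

def missing_actions(policy, console=False):
    """Return required actions that are not allowed, or are explicitly denied."""
    allowed, denied = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt:  # NotAction statements are skipped (assumption)
            continue
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        bucket.extend(_as_list(stmt["Action"]))
    required = list(dict.fromkeys(API_ACTIONS + (CONSOLE_ACTIONS if console else [])))
    return [a for a in required if not _matches(a, allowed) or _matches(a, denied)]

if __name__ == "__main__":
    print("API/CLI gaps:", missing_actions(SAMPLE_POLICY))
    print("Console gaps:", missing_actions(SAMPLE_POLICY, console=True))
```

An empty result means the policy text covers the listed actions; it does not prove the call will succeed, because the factors named above are outside what this check reads.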
What to do next
You can re-enable Multi-party approval at any time. For more information, see Setting up Multi-party approval.
Considerations
Identity sources cannot be deleted when there are dependent approvers
You cannot delete a Multi-party approval identity source when the identity source is managing the user authentication for approvers who are currently in approval teams.
To delete an identity source, you must first delete all teams associated with the identity source. For more information, see Delete team.
Deleted IAM Identity Center instance
If you deleted the IAM Identity Center instance connected to your identity source, you can still delete the Multi-party approval identity source. However, if you have active approval teams when the IAM Identity Center instance is deleted, these teams become non-functional. Approvers can no longer access the Multi-party approval portal to vote on sessions. To restore functionality, create a new IAM Identity Center instance with users and connect to a new identity source before you follow the approval team recovery process.
For steps to recover approval teams that are in an error state, see Troubleshooting.