
Automating SSO

The AWS CLI SSO flow has changed, so if you are running this on a headless system (over SSH, for example), use aws configure sso --use-device-code. This prints a URL and a code so that you can open a browser and approve access there.

SSO session name (Recommended): test123
SSO start URL [None]: https://d-1a2345ab23.awsapps.com/start/#
SSO region [None]: eu-west-1
SSO registration scopes [sso:account:access]:
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://d-1a2345ab23.awsapps.com/start/#/device

Then enter the code:

ABCD-EFGH

Click Allow Access; you can then close your tab or browser session.

There are 8 AWS accounts available to you.
Using the account ID 123412341234
There are 3 roles available to you.
Using the role name "AdministratorAccess"
Default client Region [None]: eu-west-1
CLI default output format (json if not specified) [None]: json
Profile name [AdministratorAccess-123412341234]: MyDeploymentRole
To use this profile, specify the profile name using --profile, as shown:

aws sts get-caller-identity --profile MyDeploymentRole

SSO uses the URL:
https://d-1a2345ab23.awsapps.com/start/#

The d-xxxx part is the Identity Store directory ID:

$ aws sso-admin list-instances | jq -r '.Instances[].IdentityStoreId'
d-1a2345da26
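
As an added example (not from the original page or the AWS CLI), the Python below reads the profile that the session above writes to ~/.aws/config, extracts the d-xxxx directory ID from its SSO start URL, and checks it against the IdentityStoreId values returned by aws sso-admin list-instances. The config and JSON samples are constructed, and the function names and the "d- plus ten hex characters" pattern are assumptions.

```python
import configparser
import json
import re
from urllib.parse import urlparse

# Constructed sample of what the session above writes to ~/.aws/config.
SAMPLE_CONFIG = """\
[profile MyDeploymentRole]
sso_session = test123
sso_account_id = 123412341234
sso_role_name = AdministratorAccess

[sso-session test123]
sso_start_url = https://d-1a2345ab23.awsapps.com/start/#
sso_region = eu-west-1
"""

# Constructed sample of `aws sso-admin list-instances` output (placeholder ARN).
SAMPLE_INSTANCES = """\
{"Instances": [{"InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE",
                "IdentityStoreId": "d-1a2345ab23"}]}
"""


def directory_id_from_profile(config_text, profile):
    """Return the d-xxxx directory ID behind a profile's SSO start URL, or None."""
    cfg = configparser.RawConfigParser()  # raw: no % interpolation of values
    cfg.read_string(config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    session = cfg.get(section, "sso_session", fallback=None)
    if session is not None:  # current layout: URL lives in [sso-session NAME]
        url = cfg.get(f"sso-session {session}", "sso_start_url", fallback=None)
    else:  # legacy layout: URL stored directly on the profile
        url = cfg.get(section, "sso_start_url", fallback=None)
    host = urlparse(url or "").hostname or ""
    # Assumed ID shape; a custom alias (my-org.awsapps.com) has no directory ID.
    m = re.fullmatch(r"(d-[0-9a-f]{10})\.awsapps\.com", host)
    return m.group(1) if m else None


def profile_matches_instance(config_text, profile, instances_json):
    """True only if the profile's directory ID is one this account reports."""
    known = {i["IdentityStoreId"] for i in json.loads(instances_json)["Instances"]}
    dir_id = directory_id_from_profile(config_text, profile)
    return dir_id is not None and dir_id in known


if __name__ == "__main__":
    print(profile_matches_instance(SAMPLE_CONFIG, "MyDeploymentRole", SAMPLE_INSTANCES))
```

A profile whose start URL uses a custom alias returns None from directory_id_from_profile and therefore never matches, so it needs a manual check instead.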
aws/sso.txt · Last modified: by andrew
