I am investigating this tool, but one thing I notice being different to what AWS SSO web login page provides is the generated profile name. In your documentation, it's in the form Administrator-123456789012], but the "Command line or programmatic access" content uses a profile in the form [ACCOUNT_NUMBER]_[ROLE] - the correspondent in the previous example would be 123456789012_Administrator.

Could you align that, so that users can successfully use scripts relying on profiles, regardless whether logged in via this tool or the AWS SSO web? Alternatively to offer some configuration option so that it allows this flexibility while maybe maintaining backwards compatibility?

It is my fear that this tool relies on the awscli which seems to use the same format when aws sso login - but please clarify.

for transparency, I've mentioned this problem to awscli as well: aws/aws-cli#7077

You can name your profiles whatever you want - there is no restriction from aws-vault