IAM Identity Center
Use AWS IAM Identity Center to manage sign-in security for users. Centrally manage access across all AWS accounts and applications. You can use multi-account permissions to assign users access to AWS accounts. You can use application assignments to assign users access to IAM Identity Center-enabled applications, cloud applications, and customer Security Assertion Markup Language (SAML 2.0) applications.
Workforce users
Human users are known as workforce identities or workforce users. You can create workforce users and groups in IAM Identity Center or connect and synchronize to an existing set of users and groups in another identity source for use across all your AWS accounts and applications. Supported identity sources include Microsoft Active Directory Domain Services and external identity providers such as Okta Universal Directory or Microsoft Azure AD.
Application assignments for SAML applications
Grant workforce users access to SAML 2.0 applications like Salesforce and Microsoft 365. Your users can access these applications in a single place without the need for you to set up a separate federation.
Identity Center enabled applications
AWS applications and services, such as Amazon Managed Grafana, automatically discover and connect to IAM Identity Center to receive sign-in and user directory services. This provides users a consistent single sign-on experience to these applications with no additional configuration.
Multi-account permissions
Centrally implement IAM permissions across multiple AWS accounts simultaneously without needing to configure each of your accounts manually.
AWS access portal
Users get one-click access to all of their assigned AWS accounts and cloud applications through a simple web portal.
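As an added example that is not part of this page, the multi-account permissions pattern described above expressed in Terraform: one permission set carrying a managed policy, assigned to an existing Identity Center group in several member accounts. The group name, the account IDs and the choice of managed policy are assumptions.

```hcl
# Added example (not from the page): one permission set assigned to a group across accounts.
# All names and account IDs below are placeholders; replace them with your own values.

data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]

  # Constructed account IDs standing in for the member accounts of your organization.
  audit_accounts = ["111111111111", "222222222222"]
}

# Look up an existing group in the Identity Center directory (assumed display name).
data "aws_identitystore_group" "auditors" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "SecurityAuditors"
    }
  }
}

# The permission set is the reusable bundle of IAM permissions; keep it least-privilege.
resource "aws_ssoadmin_permission_set" "read_only" {
  name             = "SecurityAuditReadOnly"
  instance_arn     = local.instance_arn
  session_duration = "PT2H" # ISO 8601 duration; shorter sessions shrink the window of a stolen session
}

# Attach an AWS managed read-only policy rather than granting broad inline permissions.
resource "aws_ssoadmin_managed_policy_attachment" "read_only" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.read_only.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
}

# One assignment per account: the same permissions land in every listed account
# without creating roles or users in each account by hand.
resource "aws_ssoadmin_account_assignment" "auditors" {
  for_each = toset(local.audit_accounts)

  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.read_only.arn
  principal_id       = data.aws_identitystore_group.auditors.group_id
  principal_type     = "GROUP"
  target_id          = each.value
  target_type        = "AWS_ACCOUNT"
}
```

Adding an account to `audit_accounts` and applying the plan provisions the same access there; removing one revokes it, which keeps the assignment list the single place to review who can reach which account.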
Identity provider (IdP)
The identity source in IAM Identity Center defines where your users and groups are managed.
Identity Center directory – the default identity source. This is where you create your users and groups and assign their level of access to your AWS accounts and applications.
Active Directory – to continue managing users in your AWS Managed Microsoft AD directory using AWS Directory Service or your self-managed directory in Active Directory (AD).
External identity provider – to manage users in an external identity provider (IdP) such as Okta or Azure Active Directory.