Posted On: May 22, 2023

Customers of AWS IAM Identity Center (successor to AWS Single Sign-On) can use CyberArk Secure Cloud Access, Ermetic, and Okta Access Requests for temporary elevated access, also known as just-in-time access. As part of an ongoing collaboration with partners, AWS Identity validated that these solutions integrate with Identity Center and address common customer requirements, such as the ability to request and approve time-bound access, and to audit action logs.

Temporary elevated access allows a workforce user who does not have standing permission to perform a task, such as changing the configuration of a production environment, to request permission, receive approval, and perform the task during a specified time. Auditors can view a log of actions and approvals. Temporary elevated access supplements other forms of AWS access control and can reduce standing privileges.

Identity Center customers share requirements for temporary elevated access, but have diverse business and technical environments that require emphasis on different components. The solutions offered by Identity Center and AWS partners CyberArk, Ermetic, and Okta, address a range of customer scenarios, including sensitive operations demanding full auditability, multi-cloud environments with complex entitlements and audit needs, and organizations using multiple identity sources and application integrations.

Identity Center helps securely create or connect workforce identities and manage their access centrally across AWS accounts and applications. Identity Center is the recommended approach for workforce authentication and authorization on AWS. The service is built on AWS Identity and Access Management and offered at no additional cost in these AWS Regions. To learn more, see the features page.