AWS Security Blog

Category: AWS IAM Identity Center

How to use customer managed policies in AWS IAM Identity Center for advanced use cases

September 23, 2022: This post had been updated to reflect main benefits on using CMPs with permission sets. Are you looking for a simpler way to manage permissions across all your AWS accounts? Perhaps you federate your identity provider (IdP) to each account and divide permissions and authorization between cloud and identity teams, but want […]

Getting started with AWS IAM Identity Center delegated administration

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. May 23, 2022: AWS IAM Identity Center supports two forms of delegation. One form, which is covered in this blog, is to delegate a […]

Figure 1: Batch AWS account creation and SSO assignment automation architecture and workflow

How to automate AWS account creation with IAM Identity Center user assignment

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Background AWS Control Tower offers a straightforward way to set up and govern an Amazon Web Services (AWS) multi-account environment, following prescriptive best practices. […]

Figure 1: Solution architecture diagram

Configure AWS IAM Identity Center ABAC for EC2 instances and Systems Manager Session Manager

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. In this blog post, I show you how to configure AWS IAM Identity Center to define attribute-based access control (ABAC) permissions to manage Amazon […]

How to enable secure seamless single sign-on to Amazon EC2 Windows instances with AWS IAM Identity Center

September 23, 2022: This blog post has been updated with correction on sample custom permissions policy download URL. September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Today, we’re launching new functionality that […]

Authenticate AWS Client VPN users with AWS IAM Identity Center

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. AWS Client VPN is a managed client-based VPN service that enables users to use an OpenVPN-based client to securely access their resources in Amazon […]

Build an end-to-end attribute-based access control strategy with AWS IAM Identity Center and Okta

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. IAM Identity CenterThis blog post discusses the benefits of using an attribute-based access control (ABAC) strategy and also describes how to use ABAC with […]

Highlights from the latest AWS Identity launches

August 10, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Here is the latest from AWS Identity from November 2020 through February 2021. The features highlighted in this blog post can help you manage […]

How to delegate management of identity in AWS Single Sign-On

September 26, 2022: This blog post has been updated to reflect corrections on sample codes. September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. Note on May 13, 2022: AWS IAM Identity Center […]

How AWS IAM Identity Center Active Directory sync enhances AWS application experiences

September 12, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. IAM Identity CenterIdentity management is easiest when you can manage identities in a centralized location and use these identities across various accounts and applications. […]