AWS IAM Identity Center

Connect your existing workforce identity source and centrally manage access to AWS

Meets you where you are and helps you scale

AWS IAM Identity Center is the recommended service for managing your workforce's access to AWS applications, such as Amazon Q Developer. It is a flexible solution: you connect your existing identity source once, and it gives your AWS applications a common view of your users. Your users get a streamlined, consistent experience across AWS applications, and the service works alongside your existing AWS account access configurations.

Benefits

Give your workforce single sign-on access and a consistent experience across AWS services. Use your chosen identity source and IAM Identity Center alongside your existing IAM roles and policies.

Allow easier management and auditing of user access to AWS applications by making user and group information from your identity source available through IAM Identity Center. You can do this while maintaining your existing access configurations for AWS accounts.

Give your data owners the ability to authorize and log data access by user. Enable the transfer of user identity context from your business intelligence tool to the AWS data services you use, while continuing to use your chosen identity source and other AWS access management configurations.

Manage access consistently across multiple AWS accounts, discover who has access to what, and provide your workforce with single sign-on authentication. Use IAM Identity Center with your existing identity source or create a new directory, and manage workforce access to part or all of your AWS environment.

Why use IAM Identity Center?

Use IAM Identity Center to scale access securely across AWS accounts and applications, such as Amazon Q Developer, your AI-powered productivity tool for the integrated development environment (IDE) and command line.

Use cases

Configure the service with your chosen identity source—whether Okta, Google Workspace, Microsoft Entra ID, Microsoft Active Directory, the built-in IAM Identity Center directory, or one of many others—and provide all AWS services with a shared understanding of your workforce users and groups.

IAM Identity Center integrates with applications such as Amazon SageMaker Studio, AWS Systems Manager Change Manager, and AWS IoT SiteWise, so you do not need to connect your identity source to each application individually. With this integration, you can manage and view your workforce access centrally.

IAM Identity Center offers trusted identity propagation from your business intelligence tools to the AWS Analytics services managing your data. Share your understanding of your workforce with your data service administrators and auditors to more easily define user permissions and track user access to application data.

Securely access your Amazon EC2 Windows instances with existing corporate usernames, passwords, and MFA devices. You do not need to share administrator credentials, present credentials multiple times, or configure remote access client software. You can centrally grant and revoke access to your EC2 Windows instances at scale across multiple AWS accounts.

Your users can use their directory credentials for single sign-on access to multiple AWS accounts. Their personalized web user portal shows their assigned roles in AWS accounts in one place. Users can sign in through the AWS Command Line Interface, AWS SDKs, or AWS Console Mobile Application using their directory credentials for a consistent authentication experience.