AWS IAM Identity Center (Successor to AWS Single Sign-On)

Centrally manage workforce access to multiple AWS accounts and applications

Create or connect your workforce identities only once for use across AWS.

Centrally manage your workforce access to multiple AWS accounts.

Assign user permissions based on common job functions or user attributes.

Provide your workforce single sign-on access to cloud applications.

How it works

AWS IAM Identity Center (successor to AWS Single Sign-On) helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type.
How AWS Identity Center works
 Click to enlarge
AWS IAM Identity Center (successor to AWS SSO) overview demo (3:06)
Why use IAM Identity Center?
Use IAM Identity Center to securely scale access across accounts and applications, supporting your workforce agility and workload innovation on AWS.

Use cases

Enable multi-account access to your AWS accounts

Your users can use their directory credentials for single sign-on access to multiple AWS accounts. Their personalized web user portal shows their assigned roles in AWS accounts in one place. Users can also single sign-on through the AWS Command Line Interface (CLI), AWS SDKs, or AWS Console Mobile Application using their directory credentials for a consistent authentication experience.

Enable single sign-on access to your AWS applications

IAM Identity Center is integrated with applications such as Amazon SageMaker Studio, AWS Systems Manager Change Manager, and AWS IoT SiteWise for zero-configuration authentication and authorization. These integrated applications share a consistent view of users and groups for resource sharing and collaboration all within the application.

Enable single sign-on access to Amazon EC2 Windows instances

Securely access your Amazon EC2 Windows instances with existing corporate user names, passwords, and MFA devices. You are not required to share administrator credentials, access credentials multiple times, or configure remote access client software. You can centrally grant and revoke access to your EC2 Windows instances at scale across multiple AWS accounts.

Enable single sign-on access to cloud-based applications

You can more easily configure single sign-on access to applications that support SAML 2.0 using the IAM Identity Center application configuration wizard. IAM Identity Center also provides preconfigured settings for many cloud applications, including Salesforce, Box, and Microsoft 365.

How to get started

Connect with an expert

From development to enterprise-level programs, get the right support at the right time.

Explore support options »

Have more IAM Identity Center questions?

Get answers about how IAM Identity Center works.

Read the FAQs »

Access the IAM Identity Center console

Configure your identity source and scale fine-grained permissions across AWS.

Sign into the console »

Explore more of AWS