AWS IAM Identity Center

Centrally manage workforce access to multiple AWS accounts and applications

Benefits

Centrally create workforce users and groups in AWS IAM Identity Center, or connect and synchronize to an existing set of users and groups in your own identity source for use across all your AWS accounts and applications.

Manage your workforce access to multiple AWS accounts by assigning user permissions based on common job functions or user attributes.

Implement permissions across multiple AWS accounts at one time without needing to configure each of your accounts manually.

Provide your workforce single sign-on access to AWS managed and SAML 2.0 applications, such as Salesforce, Box, and Microsoft 365.

How it works

AWS IAM Identity Center helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type. Using IAM Identity Center, you can create and manage user identities in AWS, or connect your existing identity source, including Microsoft Active Directory, Okta, Ping Identity, JumpCloud, Google Workspace, and Microsoft Entra ID (formerly Azure AD).
IAM Identity Center overview demo (3:06)
Why use IAM Identity Center?
Use IAM Identity Center to securely scale access across accounts and applications, supporting your workforce agility and workload innovation on AWS.

Use cases

Your users can use their directory credentials for single sign-on access to multiple AWS accounts. Their personalized web user portal shows their assigned roles in AWS accounts in one place. Users can also single sign-on through the AWS Command Line Interface (CLI), AWS SDKs, or AWS Console Mobile Application using their directory credentials for a consistent authentication experience.
IAM Identity Center is integrated with applications such as Amazon SageMaker Studio, AWS Systems Manager Change Manager, and AWS IoT SiteWise for zero-configuration authentication and authorization. These integrated applications share a consistent view of users and groups for resource sharing and collaboration all within the application.
Securely access your Amazon EC2 Windows instances with existing corporate user names, passwords, and MFA devices. You are not required to share administrator credentials, access credentials multiple times, or configure remote access client software. You can centrally grant and revoke access to your EC2 Windows instances at scale across multiple AWS accounts.
You can more easily configure single sign-on access to applications that support SAML 2.0 using the IAM Identity Center application configuration wizard. IAM Identity Center also provides preconfigured settings for many cloud applications, including Salesforce, Box, and Microsoft 365.

How to get started

Connect with an expert

From development to enterprise-level programs, get the right support at the right time.

Explore support options »

Have more IAM Identity Center questions?

Get answers about how IAM Identity Center works.

Read the FAQs »

Access the IAM Identity Center console

Configure your identity source and scale fine-grained permissions across AWS.

Sign into the console »

Explore more of AWS