Identity management in a multi-account environment

Optimize identity management in a multi-account environment with a simplified single sign-on experience, user provisioning, and password management for your AWS environments.
These are just a few examples of IT resource optimization solutions. Scroll down or use the drop-down menu to learn more about each solution.
Choose a solution
  • Choose a solution
  • CyberArk
  • Okta
  • OneLogin
  • Ping Identity


CyberArk Workforce Identity helps secure organizations against unauthorized activities targeting hybrid IT environments of cloud, mobile, and on-premises. It helps protect against compromised credentials via single sign-on (SSO), multi-factor authentication (MFA), and identity lifecycle management.

CyberArk Workforce Identity features include:

  • SSO and one-click access to cloud, mobile, and on-premises applications
  • Comprehensive range of user-friendly, context, and risk aware MFA services
  • Streamlined management of application access requests, provisioning of accounts to applications, and termination of application access

How it works

Additional resources provided by CyberArk


Okta is a modern identity and access management (IAM) platform that enables teams to securely and seamlessly manage AWS SSO entitlements at scale. Okta’s AWS Control Tower integration eases the burden of managing multi-account environment. By allowing IT to effectively provision, monitor, and secure accounts, Okta helps organization get up and running faster with AWS.

Okta features include:

  • Multi-factor authentication to secure access to Amazon WorkSpaces and AWS applications including AWS Control Tower
  • Federation with AWS SSO for single-click access to the AWS SSO user portal and its entitlements
  • Automated provisioning and deprovisioning into AWS SSO
  • Entitlement management directly from Okta
  • Automated end user information sync from HR systems and other directory providers
  • Centralized reporting and auditing of end user access across all apps and systems

How it works

Additional resources provided by Okta


Cengage needed a scalable solution that performed consistently, offered secure access to students and employees, and protected personal data. Okta helped Cengage engineers to plan, build, and test a prototype platform that could handle hundreds of thousands of logins at once. With Okta, Cengage can now free up engineering resources to develop new features, build subscription services, and improve personalization and student learning experiences.

quotes icon

As we looked at the different technologies and the different SAS providers out there, Okta was by far the leader that we felt would provide the value to really protect our internal systems as well as our end users. We’re moving more and more to the subscription model which is a big benefit to our students because it reduces cost tremendously. With Okta’s identity management, we can focus on our core systems and our core companies.

Ernie Ratcliff, VP of Architecture, Cengage


OneLogin cloud-based Identity and Access Management (IAM) enables IT teams to centrally manage and provision access to AWS resources. Whether you’re newly migrating to AWS or an Enterprise user, integrating Control Tower with OneLogin ensures your organization can easily and securely scale your multi-account environment and IAM permissions.

OneLogin features include:

  • Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for AWS and Corporate Applications
  • Identity federation with Microsoft Active Directory (AD)
  • Automatically grant access with JIT user provisioning
  • Comprehensive reporting of logins, access, and provisioning
  • Sync user information from Active Directory, Azure, LDAP, or G-Suite

How it works

Additional resources provided by OneLogin

DPG Media

DPG Media is an international media company headquartered in Belgium. After moving a third of their corporate apps to the cloud, DPG wanted a one-stop shop for user provisioning, password management, and access security for on-premises and cloud applications. With OneLogin, DPG Media automates provisioning for 10,000 users, deploys new apps to teams in a half hour, and secures authentication to 40+ AWS accounts.

quotes icon
Once our cloud migration journey is complete, all of our corporate and SaaS applications will be completely aligned in one environment and managed through OneLogin’s portal and one identity, taking the headache out of what was once a complex environment of applications and conflicting account and password policies. 

            Wim Plat, Information and Communication Technologies Architect, DPG Media

Ping Identity

Ping’s Workforce360 solution provides central authentication services to connect employees across any application, directory, and situation. By providing authentication for all end users and identities in a multi-account environment, Ping can eliminate authentication silos, helping your business increase agility. The result is a centrally managed authentication hub that provides a highly configurable, secure, and consistent experience for your workforce.

Ping Identity features include:

  • Workforce authentication authority
  • Single sign-on (SSO) for employees, partners, and more
  • Multi-factor authentication (MFA) with contextual and adaptive policies
  • Centralized management and delegated administration

How it works

Additional resources provided by Ping Identity