
Manage single sign-on access to AWS accounts and apps
Vendor: Amazon Web Services (AWS)
Connect your existing workforce identity source and centrally manage access to AWS
Meets you where you are and helps you scale
AWS IAM Identity Center is the recommended service for managing your workforce's access to AWS applications, such as Amazon Q Developer. It is a flexible solution that lets you connect your existing identity source once and gives your AWS applications a common view of your users. Your users get a streamlined, consistent experience across AWS applications. It works alongside existing AWS account access configurations.
Benefits
Connect your existing identity source to streamline accessing AWS
Give your workforce single sign-on access and a consistent experience across AWS services. Use your chosen identity source and IAM Identity Center alongside your existing IAM roles and policies.
Efficiently manage workforce access to AWS applications
Allow easier management and auditing of user access to AWS applications by making user and group information from your identity source available through IAM Identity Center. You can do this while maintaining your existing access configurations for AWS accounts.
Improve control and visibility of user access to data in AWS applications
Give your data owners the ability to authorize and log data access by user. Enable the transfer of user identity context from your business intelligence tool to the AWS data services you use, while continuing to use your chosen identity source and other AWS access management configurations.
Manage workforce access to a multi-account AWS environment
Manage access consistently across multiple AWS accounts, discover who has access to what, and provide your workforce with single sign-on authentication. Use IAM Identity Center with your existing identity source or create a new directory, and manage workforce access to part or all of your AWS environment.
Why use IAM Identity Center?
Use IAM Identity Center to scale access securely across AWS accounts and applications, such as Amazon Q Developer—your AI-powered productivity tool for the integrated development environment (IDE) and command line.
Use cases
Enable a unified workforce user experience across AWS
Configure the service with your chosen identity source—whether Okta, Google Workspace, Microsoft Entra ID, Microsoft Active Directory, the built-in IAM Identity Center directory, or one of many others—and provide all AWS services with a shared understanding of your workforce users and groups.
Manage access to your AWS applications
IAM Identity Center integrates with applications such as Amazon SageMaker Studio, AWS Systems Manager Change Manager, and AWS IoT SiteWise, so you do not need to connect your identity source to each application individually. With this integration, you can manage and view your workforce access centrally.
Configure and audit access to application data by users and groups
IAM Identity Center offers trusted identity propagation from your business intelligence tools to the AWS Analytics services managing your data. Share your understanding of your workforce with your data service administrators and auditors to more easily define user permissions and track user access to application data.
Enable single sign-on access to Amazon EC2 Windows instances
Securely access your Amazon EC2 Windows instances with existing corporate usernames, passwords, and MFA devices. You are not required to share administrator credentials, access credentials multiple times, or configure remote access client software. You can centrally grant and revoke access to your EC2 Windows instances at scale across multiple AWS accounts.
Manage access to a multi-account AWS environment
Your users can use their directory credentials for single sign-on access to multiple AWS accounts. Their personalized web user portal shows their assigned roles in AWS accounts in one place. Users can sign in through the AWS Command Line Interface, AWS SDKs, or AWS Console Mobile Application using their directory credentials for a consistent authentication experience.