Amazon SSO
Centralized AWS access management for workforce identities
About Amazon SSO
AWS IAM Identity Center simplifies workforce access to AWS applications by connecting your existing identity source and providing single sign-on across services. It enhances security, visibility, and control over user permissions while maintaining compatibility with existing IAM configurations.
FAQ
As a new IAM Identity Center customer, you sign in to the AWS Management Console of the management account in your AWS account and navigate to the IAM Identity Center console. Select the directory you use for storing the identities of your users and groups from the IAM Identity Center console. Grant users single sign-on access to AWS accounts in your organization by selecting the AWS accounts from a list populated by IAM Identity Center, and then selecting users or groups from your directory and the permissions you want to grant them. Give users access to business cloud applications by selecting one of the applications from the list of pre-integrated applications supported in IAM Identity Center, configuring the application, and selecting the users or groups that should be able to access this application. Finally, give your users the IAM Identity Center sign-in web address that was generated when you configured the directory so that they can sign in to IAM Identity Center and access accounts and business applications.
IAM Identity Center is offered at no extra charge.
With IAM Identity Center, you can create and manage user identities in IAM Identity Center’s identity store, or easily connect to your existing identity source including Microsoft Active Directory, Okta Universal Directory, Microsoft Entra ID (formerly Azure AD), or another supported IdP.
No. At any given time, you can have only one directory or one SAML 2.0 identity provider connected to IAM Identity Center. However, you can change the connected identity source to a different one.
No, IAM Identity Center does not create IAM users and groups. It has its own purpose-built identity store to hold user information. When using an external identity provider, Identity Center holds a synchronized copy of user attributes and group membership, but no authentication material like passwords or MFA devices. Your external identity provider remains the source of truth for user information and attributes.
Yes. If you use Okta Universal Directory, Microsoft Entra ID (formerly Azure AD), OneLogin, or PingFederate, you can use SCIM to synchronize user and group information from your IdP to IAM Identity Center automatically.
You can connect the following applications to IAM Identity Center: IAM Identity Center-integrated applications such as SageMaker Studio and IoT SiteWise, pre-integrated SAML applications like Salesforce, Microsoft 365, and Box, and custom SAML applications that allow identity federation using SAML 2.0.
Yes, you can use IAM Identity Center to control access to the AWS Management Console and CLI v2. IAM Identity Center enables your users to access the CLI and AWS Management Console through a single sign-on experience. The AWS Mobile Console app also supports IAM Identity Center so you get a consistent sign-in experience across browser, mobile, and command line interfaces.