AWS IAM Identity Center (successor to AWS Single Sign-On) endpoints and quotas - AWS General Reference

AWS IAM Identity Center (successor to AWS Single Sign-On) endpoints and quotas

The following are the service endpoints and service quotas for this service. To connect programmatically to an AWS service, you use an endpoint. In addition to the standard AWS endpoints, some AWS services offer FIPS endpoints in selected Regions. For more information, see AWS service endpoints. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your AWS account. For more information, see AWS service quotas.

Service endpoints

IAM Identity Center

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 sso.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 sso.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 sso.us-west-2.amazonaws.com HTTPS
Asia Pacific (Hong Kong) ap-east-1 sso.ap-east-1.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 sso.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Osaka) ap-northeast-3 sso.ap-northeast-3.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 sso.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 sso.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 sso.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 sso.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 sso.ca-central-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 sso.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 sso.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 sso.eu-west-2.amazonaws.com HTTPS
Europe (Milan) eu-south-1 sso.eu-south-1.amazonaws.com HTTPS
Europe (Paris) eu-west-3 sso.eu-west-3.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 sso.eu-north-1.amazonaws.com HTTPS
Middle East (Bahrain) me-south-1 sso.me-south-1.amazonaws.com HTTPS
South America (São Paulo) sa-east-1 sso.sa-east-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

sso.us-gov-east-1.amazonaws.com

sso.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

sso.us-gov-west-1.amazonaws.com

sso.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

Identity Store

Region Name Region Endpoint Protocol
US East (Ohio) us-east-2 identitystore.us-east-2.amazonaws.com HTTPS
US East (N. Virginia) us-east-1 identitystore.us-east-1.amazonaws.com HTTPS
US West (Oregon) us-west-2 identitystore.us-west-2.amazonaws.com HTTPS
Asia Pacific (Mumbai) ap-south-1 identitystore.ap-south-1.amazonaws.com HTTPS
Asia Pacific (Seoul) ap-northeast-2 identitystore.ap-northeast-2.amazonaws.com HTTPS
Asia Pacific (Singapore) ap-southeast-1 identitystore.ap-southeast-1.amazonaws.com HTTPS
Asia Pacific (Sydney) ap-southeast-2 identitystore.ap-southeast-2.amazonaws.com HTTPS
Asia Pacific (Tokyo) ap-northeast-1 identitystore.ap-northeast-1.amazonaws.com HTTPS
Canada (Central) ca-central-1 identitystore.ca-central-1.amazonaws.com HTTPS
Europe (Frankfurt) eu-central-1 identitystore.eu-central-1.amazonaws.com HTTPS
Europe (Ireland) eu-west-1 identitystore.eu-west-1.amazonaws.com HTTPS
Europe (London) eu-west-2 identitystore.eu-west-2.amazonaws.com HTTPS
Europe (Stockholm) eu-north-1 identitystore.eu-north-1.amazonaws.com HTTPS
AWS GovCloud (US-East) us-gov-east-1

identitystore.us-gov-east-1.amazonaws.com

identitystore.us-gov-east-1.amazonaws.com

HTTPS

HTTPS

AWS GovCloud (US-West) us-gov-west-1

identitystore.us-gov-west-1.amazonaws.com

identitystore.us-gov-west-1.amazonaws.com

HTTPS

HTTPS

Service quotas

Name Default Adjustable Description
File size of service provider SAML certificates (in PEM format) Each supported Region: 2 Kilobytes No The maximum file size (in KB) of service provider SAML certificates (in PEM format).
Number of groups supported in IAM Identity Center Each supported Region: 10,000 No The maximum number of groups supported in IAM Identity Center.
Number of permission sets allowed in IAM Identity Center Each supported Region: 500 Yes The maximum number of permission sets allowed in IAM Identity Center.
Number of permission sets allowed per AWS account Each supported Region: 50 Yes The maximum number of permission sets allowed per AWS account.
Number of unique directory groups that can be assigned Each supported Region: 2,500 Yes The maximum number of unique directory groups that can be assigned for using accounts and applications. Users can belong to many directory groups, and a directory may contain many groups.
Number of unique groups that can be used to evaluate the permissions for a user Each supported Region: 500 No The maximum number of unique groups that can be used to evaluate the permissions for a user. Before displaying the user’s available AWS accounts and application icons in the AWS access portal, IAM Identity Center evaluates the user’s effective permissions by evaluating their group memberships.
Number of users supported in IAM Identity Center Each supported Region: 50,000 No The maximum number of users supported in IAM Identity Center.
Total number of AWS accounts or applications that can be configured Each supported Region: 500 Yes The maximum total number of AWS accounts or applications (total combined) that can be configured. For example, you might configure 275 accounts and 225 applications, resulting in a total of 500 accounts and applications.

For more information, see AWS IAM Identity Center (successor to AWS Single Sign-On) quotas in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide.