Create an account instance of IAM Identity Center - AWS IAM Identity Center

Create an account instance of IAM Identity Center

An organization instance is the primary and recommended method of enabling IAM Identity Center. Before you create an account instance, make sure your use case supports one and that you're aware of the considerations that apply to account instances.

Create an account instance from an organization member account or standalone AWS account
  1. Do either of the following to sign in to the AWS Management Console.

    • New to AWS (root user) – Sign in as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.

    • Already using AWS (IAM credentials) – Sign in using your IAM credentials with administrative permissions.

  2. Open the IAM Identity Center console.

  3. Under Enable IAM Identity Center, choose Enable.

  4. Select Continue creating the account instance and choose Continue.

    Note

    If an organization instance of IAM Identity Center already exists, confirm that your use case requires its own account instance of IAM Identity Center. If it doesn't, choose Cancel and use the organization instance instead.

  5. Optional. Add tags that you want to associate with this account instance.

A notification in the console indicates that the account instance was created successfully and includes the instance ID. You can name your instance in the Settings summary.
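The same procedure can be scripted with the AWS SDK, which is useful when you want the "does an organization instance already exist?" check from the note in step 4 enforced before anything is created. The following is an added example and not code from the AWS documentation. It uses the sso-admin `ListInstances`, `CreateInstance` and `DescribeInstance` operations via boto3, and assumes (labelled assumption) that `ListInstances` called from a member or standalone account returns the organization instance, if one exists, alongside the account's own instance. The decision logic is kept separate from the SDK calls so it can be exercised without credentials.

```python
"""Create an IAM Identity Center account instance with boto3, mirroring the
console steps: check for an existing organization instance, create the account
instance with tags, then read back its instance ID and wait for it to be ACTIVE.

Added example, not AWS documentation code. Assumption: sso-admin ListInstances
from this account lists the organization instance (owned by the management
account) as well as this account's own instance, if either exists.
"""
from __future__ import annotations

import time

ACTIVE = "ACTIVE"


def classify_instances(instances: list[dict], caller_account_id: str) -> dict[str, list[dict]]:
    """Split ListInstances output into the organization instance (any instance
    not owned by this account) and this account's own account instance."""
    groups: dict[str, list[dict]] = {"organization": [], "account": []}
    for inst in instances:
        key = "account" if inst.get("OwnerAccountId") == caller_account_id else "organization"
        groups[key].append(inst)
    return groups


def decide(instances: list[dict], caller_account_id: str, use_case_requires_own_instance: bool) -> str:
    """Return what the operator should do, in the order the console guidance implies:
    reuse an existing account instance, fall back to the organization instance unless
    the use case genuinely needs its own instance, otherwise create one."""
    groups = classify_instances(instances, caller_account_id)
    if groups["account"]:
        return "use-existing-account-instance"
    if groups["organization"] and not use_case_requires_own_instance:
        return "use-organization-instance"
    return "create"


def to_tag_list(tags: dict[str, str]) -> list[dict[str, str]]:
    """Convert a plain dict into the Key/Value list shape the API expects."""
    return [{"Key": k, "Value": v} for k, v in sorted(tags.items())]


def instance_id_from_arn(instance_arn: str) -> str:
    """The console shows the instance ID, which is the last path segment of the ARN."""
    return instance_arn.rsplit("/", 1)[-1]


def create_account_instance(name: str, tags: dict[str, str],
                            use_case_requires_own_instance: bool = False,
                            wait_seconds: int = 120) -> dict:
    """Run the check, create the instance if appropriate, and wait until it is ACTIVE.
    Requires administrative credentials in the target account."""
    import boto3  # imported here so the decision logic above runs without the SDK installed

    sts = boto3.client("sts")
    sso = boto3.client("sso-admin")
    caller_account_id = sts.get_caller_identity()["Account"]

    # Collect every instance visible to this account (ListInstances is paginated).
    instances: list[dict] = []
    kwargs: dict = {}
    while True:
        page = sso.list_instances(**kwargs)
        instances.extend(page.get("Instances", []))
        if not page.get("NextToken"):
            break
        kwargs = {"NextToken": page["NextToken"]}

    action = decide(instances, caller_account_id, use_case_requires_own_instance)
    if action != "create":
        return {"action": action, "instances": instances}

    arn = sso.create_instance(Name=name, Tags=to_tag_list(tags))["InstanceArn"]

    # Creation is asynchronous; poll DescribeInstance until the status is ACTIVE.
    deadline = time.time() + wait_seconds
    status = None
    while time.time() < deadline:
        status = sso.describe_instance(InstanceArn=arn)["Status"]
        if status == ACTIVE:
            break
        time.sleep(5)
    return {"action": "created", "instance_arn": arn,
            "instance_id": instance_id_from_arn(arn), "status": status}


if __name__ == "__main__":
    # Constructed sample of what ListInstances might return in a member account
    # whose organization (management account 111111111111) already has an instance.
    SAMPLE = [{"InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLEORG",
               "OwnerAccountId": "111111111111", "Status": ACTIVE}]
    print(decide(SAMPLE, "222222222222", use_case_requires_own_instance=False))
    print(decide(SAMPLE, "222222222222", use_case_requires_own_instance=True))
```

The `decide` function encodes the guidance from the note: if an organization instance exists and your use case does not require its own account instance, the script stops and reports `use-organization-instance` rather than creating anything.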

Note

Multi-factor authentication (MFA) is enabled by default for account instances. Users are prompted to sign in with MFA when their device, browser, or location changes. As a security best practice, we strongly recommend MFA for your workforce identities. For details, see Manage MFA devices in IAM Identity Center.

Management features such as confirming your identity source, adjusting multi-factor authentication settings, and adding AWS managed applications must be completed in the IAM Identity Center console.