Customer managed applications

With IAM Identity Center, you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications. IAM Identity Center acts as a central identity service and provides different ways for your users to be authenticated. If you already use an identity provider (IdP), IAM Identity Center can integrate with your IdP so that you can provision your users and groups into IAM Identity Center and use your IdP for authentication.

If you use customer managed applications that support SAML 2.0, you can federate your IdP to IAM Identity Center through SAML 2.0 and use IAM Identity Center to manage user access to those applications. IAM Identity Center provides a catalog of commonly used applications that support SAML 2.0, such as Salesforce and Microsoft 365. This catalog is available in the IAM Identity Center console. You can also set up your own SAML 2.0 applications.

Note

If you have customer managed applications that support OAuth 2.0 and your users need access from these applications to AWS services, you can use trusted identity propagation. With trusted identity propagation, a user can sign in to an application, and that application can pass the users’ identity in requests to access data in AWS services. For more information, see Using trusted identity propagation with customer managed applications.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS managed applications

SAML 2.0 and OAuth 2.0