Customer managed applications - AWS IAM Identity Center

Customer managed applications

With IAM Identity Center, you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications. IAM Identity Center acts as a central identity service and provides different ways for your users to be authenticated. If you already use an identity provider (IdP), IAM Identity Center can integrate with your IdP so that you can provision your users and groups into IAM Identity Center and use your IdP for authentication.

If you use customer managed applications that support SAML 2.0, you can federate your IdP to IAM Identity Center through SAML 2.0 and use IAM Identity Center to manage user access to those applications. IAM Identity Center provides a catalog of commonly used applications that support SAML 2.0, such as Salesforce and Microsoft 365. This catalog is available in the IAM Identity Center console. You can also set up your own SAML 2.0 applications.

If you have customer managed applications that support OAuth 2.0 and your users need access from these applications to AWS services, you can use trusted identity propagation. With trusted identity propagation, a user can sign in to an application, and that application can pass the user's identity in requests to access data in AWS services. For more information, see Using trusted identity propagation with customer managed applications.
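The flow in the paragraph above, written out as an added example rather than code from the AWS documentation: a customer managed application exchanges the signed-in user's IdP token for an IAM Identity Center token, reads the `sts:identity_context` claim from that token, and attaches it to an STS `AssumeRole` call as a provided context so the resulting credentials carry the user's identity. The `create_token_with_iam` and `assume_role` calls are the boto3 `sso-oidc` and `sts` client methods; everything else (the client ID, role ARN, account number, token contents, and the fake clients used so the block runs offline with the standard library only) is constructed for illustration. Real tokens are signed; the unsigned `alg=none` JWTs here exist only so the demo runs without a network, and an application should verify the IdP token against the IdP's published keys before exchanging it.

```python
import base64
import json
import time

# Context provider ARN that STS recognises for Identity Center identity context.
IDENTITY_CENTER_CONTEXT_PROVIDER = "arn:aws:iam::aws:contextProvider/IdentityCenter"
# OAuth 2.0 JWT bearer grant type used with sso-oidc CreateTokenWithIAM.
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. The signature is NOT checked here:
    the Identity Center token is received over TLS from the service that minted it,
    and the IdP token should be verified against the IdP's JWKS before it is exchanged."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def identity_context_from_id_token(id_token: str, now=None) -> str:
    """Extract the sts:identity_context claim, refusing expired or malformed tokens."""
    claims = jwt_claims(id_token)
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("Identity Center ID token has expired")
    context = claims.get("sts:identity_context")
    if not context:
        raise ValueError("ID token carries no sts:identity_context claim")
    return context


def assume_role_request(role_arn: str, session_name: str, identity_context: str) -> dict:
    """Build the STS AssumeRole parameters that attach the user's identity context."""
    return {
        "RoleArn": role_arn,
        "RoleSessionName": session_name,
        "ProvidedContexts": [
            {"ProviderArn": IDENTITY_CENTER_CONTEXT_PROVIDER,
             "ContextAssertion": identity_context}
        ],
    }


def credentials_for_user(sso_oidc, sts, client_id, idp_id_token, role_arn, session_name):
    """IdP token -> Identity Center token -> role credentials bound to the user's identity.
    sso_oidc and sts are boto3 clients ('sso-oidc', 'sts') or test doubles with the same methods."""
    exchanged = sso_oidc.create_token_with_iam(
        clientId=client_id, grantType=JWT_BEARER_GRANT, assertion=idp_id_token)
    context = identity_context_from_id_token(exchanged["idToken"])
    return sts.assume_role(**assume_role_request(role_arn, session_name, context))["Credentials"]


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned JWT (alg=none) for offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


class _FakeSsoOidc:
    """Stand-in for the boto3 sso-oidc client: mints an ID token carrying identity context."""
    def create_token_with_iam(self, clientId, grantType, assertion):
        assert grantType == JWT_BEARER_GRANT
        user = jwt_claims(assertion)["sub"]
        return {"idToken": make_unsigned_jwt({
            "sub": user, "exp": time.time() + 300,
            "sts:identity_context": f"ctx-for-{user}"})}


class _FakeSts:
    """Stand-in for the boto3 sts client: echoes the provided context into the session."""
    def assume_role(self, RoleArn, RoleSessionName, ProvidedContexts):
        ctx = ProvidedContexts[0]["ContextAssertion"]
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SessionToken": f"session:{ctx}"}}


def demo() -> dict:
    """Run the whole exchange against the fakes with a constructed IdP token for user 'alice'."""
    idp_token = make_unsigned_jwt({"sub": "alice", "exp": time.time() + 300})
    return credentials_for_user(_FakeSsoOidc(), _FakeSts(), "example-client-id", idp_token,
                                "arn:aws:iam::123456789012:role/app-data-access", "alice-session")


if __name__ == "__main__":
    print(demo())
```

Against real AWS, `credentials_for_user` takes `boto3.client("sso-oidc")` and `boto3.client("sts")` created with the application's own IAM credentials; the user-bound credentials it returns are what the application uses for the data access request, so the AWS service sees the user's identity rather than only the application's role.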