Enable account instances in the IAM Identity Center console
If you enabled IAM Identity Center before November 15, 2023, you have an organization instance of IAM Identity Center and the ability for member accounts to create account instances is disabled by default. You can choose whether your member accounts can create account instances by enabling the account instance feature in the AWS Management Console.
Note
Member accounts can create an account instance as long as you haven’t deployed an instance of IAM Identity Center to your organization in an opt-in Region (AWS Region that's disabled by default) regardless of deployment date. Any organization instance of IAM Identity Center deployed in an opt-in AWS Region will prevent the creation of account instances. For information about Regions, see AWS IAM Identity Center Region availability.
To enable creation of account instances by member accounts in your organization
-
Open the IAM Identity Center console
. -
Choose Settings, and then choose the Management tab.
-
In the Account instances of IAM Identity Center section, choose Enable account instances of IAM Identity Center.
-
In the Enable account instances of IAM Identity Center dialog box, confirm that you want to allow member accounts in your organization to create account instances by choosing Enable.
Important
Enabling account instances of IAM Identity Center for member accounts is a one-time operation. This means that this operation can't be reversed. Once enabled, you can limit the creation of account instances by creating a service control policy (SCP). For instructions, see Control account instance creation with Services Control Policies.
