Sign in to the AWS access portal with your IAM Identity Center credentials - AWS IAM Identity Center

Sign in to the AWS access portal with your IAM Identity Center credentials

The AWS access portal provides IAM Identity Center users with single sign-on access to all their assigned AWS accounts and applications through a web portal.

Complete the following steps to confirm that the IAM Identity Center user can sign in to the AWS access portal and access the AWS account.

  1. Do either of the following to sign in to the AWS Management Console.

    • New to AWS (root user) – Sign in as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.

    • Already using AWS (IAM credentials) – Sign in with your IAM credentials and select an admin role.

  2. Open the IAM Identity Center console.

  3. In the navigation pane, choose Dashboard.

  4. On the Dashboard page, under Settings summary, copy the AWS access portal URL.

  5. Open a separate browser, paste the AWS access portal URL that you copied in Step 4, and press Enter.

  6. Sign in by using either of the following:

    • If you're using Active Directory or an external identity provider (IdP) as your identity source, sign in by using the credentials of the Active Directory or IdP user.

    • If you're using the default Identity Center directory as your identity source, sign in by using the username that you specified when you created the user and the new password that you specified for the user.

There are different portal experiences depending on the region your AWS account is located in, Standard AWS access portal and Legacy AWS access portal.

After you've signed in to the AWS access portal, if you're presented with the AWS account icon follow the procedure in the Legacy AWS access portal tab, otherwise follow the procedure in the Standard AWS access portal tab.

Standard AWS access portal

  1. In the AWS accounts section, locate your AWS account and expand it.

  2. The roles available to you are displayed. If you assigned this user both the AdministratorAccess permission set and Billing permissions sets, those roles are displayed in the AWS access portal. Choose the IAM role name you want to use for the session.

  3. If you're redirected to the AWS Management Console you successfully finished setting up access to the AWS account.

    Note

    If you don't see any AWS accounts listed, it's likely that the user hasn't yet been assigned to a permission set for that account. For instructions on assigning users to a permission set, see Assign user access to AWS accounts.

Now that you've confirmed that you can sign in using IAM Identity Center credentials, switch to the browser that you used to sign into the AWS Management Console and sign out from your root user or IAM user credentials. from your AWS account root user.

Important

We strongly recommend that you use the credentials of the IAM Identity Center administrative user when you sign in to the AWS access portal to perform administrative tasks instead of using IAM user or root user credentials. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. To enable other users to access your accounts and applications, and to administer IAM Identity Center, create and assign permission sets only through IAM Identity Center.

Legacy AWS access portal

  1. Choose the name of the account to display the available permission sets.

    When you sign in, the name of the permission sets to which the user is assigned appears as available roles in the AWS access portal. If you assigned this user to the AdministratorAccess and Billing permission sets, those roles will appear in the AWS access portal.

  2. Choose the Management Console link to the right of the permission set name you want to use for the session.

  3. If you're redirected to the AWS Management Console you successfully finished setting up access to the AWS account.

Now that you've confirmed that you can sign in using IAM Identity Center credentials, switch to the browser that you used to sign into the AWS Management Console and sign out from your root user or IAM user credentials. from your AWS account root user.

Important

We strongly recommend that you use the credentials of the IAM Identity Center administrative user when you sign in to the AWS access portal to perform administrative tasks instead of using IAM user or root user credentials. Safeguard your root user credentials and use them to perform the tasks that only the root user can perform. To enable other users to access your accounts and applications, and to administer IAM Identity Center, create and assign permission sets only through IAM Identity Center.