Identity and access management for IAM Identity Center - AWS IAM Identity Center

Access to IAM Identity Center requires credentials that AWS can use to authenticate your requests. Those credentials must have permissions to access AWS resources, such as an AWS managed application.

Authentication to the AWS access portal is controlled by the directory that you have connected to IAM Identity Center. However, authorization to the AWS accounts that are available to users from within the AWS access portal is determined by two factors:

  1. Who has been assigned access to those AWS accounts in the IAM Identity Center console. For more information, see Single sign-on access to AWS accounts.

  2. What level of permissions has been granted to the users in the IAM Identity Center console to allow them the appropriate access to those AWS accounts. For more information, see Create, manage, and delete permission sets.
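An audit of both factors for one account, as an added example that is not part of the AWS documentation: it lists each assigned principal (factor 1) next to the permission set and AWS managed policies it receives (factor 2). The function name `audit_account`, the `StubSsoAdmin` class and all sample ARNs, IDs and names are constructed for illustration. Against a real organization, pass `boto3.client("sso-admin")` and the instance ARN returned by `list_instances` in place of the stub.

```python
# Added example: list both authorization factors for one AWS account.
# Factor 1: who is assigned. Factor 2: what their permission set grants.
from types import SimpleNamespace

def audit_account(sso_admin, instance_arn, account_id):
    """Return sorted (principal_type, principal_id, permission_set, policies).
    sso_admin: boto3 "sso-admin" client or stand-in; AWS managed policies only."""
    def items(op, key, **kw):
        paginator = sso_admin.get_paginator(op)
        for page in paginator.paginate(InstanceArn=instance_arn, **kw):
            yield from page.get(key, [])

    rows = []
    for ps in items("list_permission_sets_provisioned_to_account",
                    "PermissionSets", AccountId=account_id):
        name = sso_admin.describe_permission_set(
            InstanceArn=instance_arn, PermissionSetArn=ps)["PermissionSet"]["Name"]
        policies = tuple(sorted(p["Name"] for p in items(
            "list_managed_policies_in_permission_set",
            "AttachedManagedPolicies", PermissionSetArn=ps)))
        for a in items("list_account_assignments", "AccountAssignments",
                       AccountId=account_id, PermissionSetArn=ps):
            rows.append((a["PrincipalType"], a["PrincipalId"], name, policies))
    return sorted(rows)

class StubSsoAdmin:
    """Offline stand-in; SETS is constructed sample data, not real ARNs."""
    SETS = {"arn:example:ps-admin": ("Admin", ["AdministratorAccess"],
                                     [("GROUP", "g-ops")]),
            "arn:example:ps-read": ("ReadOnly", ["ReadOnlyAccess"],
                                    [("USER", "u-alice"), ("GROUP", "g-ops")])}

    def describe_permission_set(self, InstanceArn, PermissionSetArn):
        return {"PermissionSet": {"Name": self.SETS[PermissionSetArn][0]}}
    def get_paginator(self, op):
        def paginate(**kw):
            ps = self.SETS.get(kw.get("PermissionSetArn"))
            if op == "list_permission_sets_provisioned_to_account":
                return [{"PermissionSets": list(self.SETS)}]
            if op == "list_managed_policies_in_permission_set":
                return [{"AttachedManagedPolicies": [{"Name": n} for n in ps[1]]}]
            return [{"AccountAssignments": [
                {"PrincipalType": t, "PrincipalId": i} for t, i in ps[2]]}]
        return SimpleNamespace(paginate=paginate)

if __name__ == "__main__":
    for row in audit_account(StubSsoAdmin(), "arn:example:instance", "111122223333"):
        print(*row, sep="\t")
```

Rows whose policy tuple contains `AdministratorAccess` are the assignments to review first when checking for excess privilege.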

The following sections explain how you as an administrator can control access to the IAM Identity Center console or can delegate administrative access for day-to-day tasks from the IAM Identity Center console.

Authentication

Learn how to access AWS using IAM identities.

Access control

You can have valid credentials to authenticate your requests, but unless you have permissions, you can't create or access IAM Identity Center resources. For example, you must have permissions to create an IAM Identity Center connected directory.

The following sections describe how to manage permissions for IAM Identity Center. We recommend that you read the overview first.