IAM Identity Center prerequisites and considerations

You can use IAM Identity Center for access to AWS managed applications only, AWS accounts only, or both. If you are using IAM federation to manage access to AWS accounts, you can continue to do so while using IAM Identity Center for application access.

Before enabling IAM Identity Center, consider the following:

  • AWS Region

    You can enable IAM Identity Center in a single, supported Region for each instance of IAM Identity Center. If you want to use IAM Identity Center for single sign-on access to AWS accounts, the Region must be accessible by all of the users in your organization. If you plan to use IAM Identity Center for application access, be aware that some AWS managed applications, such as Amazon SageMaker AI, can operate only in the Regions they support. Make sure that you enable IAM Identity Center in a Region supported by the AWS managed application(s) you want to use with it. Additionally, many AWS managed applications can operate only in the same Region where you enabled IAM Identity Center. For these reasons, make sure to choose the appropriate Region when enabling IAM Identity Center. For more information, see Considerations for choosing an AWS Region.

  • Application access only

    You can use IAM Identity Center only for user access to applications such as Amazon Q Developer, using your existing identity provider. For more information, see Using IAM Identity Center for user access to applications only.

    Note

    Access to application resources is managed independently by the application owner.

  • Quota for IAM roles

    IAM Identity Center creates IAM roles to give users permissions to account resources. For more information, see IAM roles created by IAM Identity Center.

  • IAM Identity Center and AWS Organizations

    AWS Organizations is recommended, but not required, for use with IAM Identity Center. If you haven't set up an organization, you don't have to. If you've already set up AWS Organizations and are going to add IAM Identity Center to your organization, make sure that all AWS Organizations features are enabled. For more information, see IAM Identity Center and AWS Organizations.

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.