Application assignments - AWS IAM Identity Center

Application assignments

With AWS IAM Identity Center, you can easily control who can have single sign-on access to your cloud applications. Users get one-click access to these applications after they use their directory credentials to sign in to their AWS access portal.

IAM Identity Center securely communicates with these applications through a trusted relationship between IAM Identity Center and the application's service provider. This trust is created when you add the application from the IAM Identity Center console and configure it with the appropriate metadata for both IAM Identity Center and the service provider.

After the application has been successfully added to the IAM Identity Center console, you can manage which users or groups need permissions to the application. By default, when you add an application, no users are assigned to the application. In other words, newly added applications in the IAM Identity Center console are inaccessible until you assign users to them. IAM Identity Center supports the following applications types:

  • Identity Center enabled applications

  • Cloud applications

  • Custom Security Assertion Markup Language (SAML 2.0) applications

You can also grant your employees access to the AWS Management Console for a given AWS account in your organization. For more information on how to do this, see Multi-account permissions.

The following sections explain how to configure user access to your AWS applications and third-party software as a service (SaaS) applications. You can also configure any custom applications that support identity federation with SAML 2.0.