Manage your identity source

Your identity source in IAM Identity Center defines where your users and groups are managed. After you configure your identity source, you can look up users or groups to grant them single sign-on access to AWS accounts applications, or both.

You can have only one identity source per organization in AWS Organizations. You can choose one of the following as your identity source:

• Identity Center directory – When you enable IAM Identity Center for the first time, it is automatically configured with an Identity Center directory as your default identity source. This is where you create your users and groups, and assign their level of access to your AWS accounts and applications.

• Active Directory – Choose this option if you want to continue managing users in either your AWS Managed Microsoft AD directory using AWS Directory Service or your self-managed directory in Active Directory (AD).

• External identity provider – Choose this option if you want to manage users in an external identity provider (IdP) such as Okta or Microsoft Entra ID.

Note

IAM Identity Center does not support SAMBA4-based Simple AD as an identity source.

Topics

• Considerations for changing your identity source
• Change your identity source
• Manage sign-in and attribute use for all identity source types
• Manage identities in IAM Identity Center
• Connect to a Microsoft AD directory
• Connect to an external identity provider