Manage identities in IAM Identity Center - AWS IAM Identity Center (successor to AWS Single Sign-On)

Manage identities in IAM Identity Center

  • Create your users and groups.

  • Add your users as members to the groups.

  • Assign the groups the desired level of access to your AWS accounts and applications.

If you prefer to manage users in AWS Managed Microsoft AD, you can discontinue use of your IAM Identity Center store at any time and instead connect IAM Identity Center to your directory in Microsoft AD using AWS Directory Service. For more information, see Connect to your Microsoft AD directory.

If you prefer to manage users in an external identity provider (IdP), you can connect IAM Identity Center to your IdP and enable automatic provisioning. For more information, see Connect to your external identity provider.

Note

When identities are deleted in the IAM Identity Center identity store, the corresponding assignments are also deleted in IAM Identity Center. However, with Microsoft AD, when identities are deleted (either in AD itself or among the identities synced from it), the corresponding assignments are not deleted.
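As an added example (not AWS's own code) covering both the three steps listed above and the note on deleted identities, the Python script below provisions a user and a group, adds the user to the group, assigns the group a permission set on an account, and then audits the account assignments for principals that no longer resolve in the identity store. The boto3 operations it calls (identitystore create_user, create_group, create_group_membership, describe_user, describe_group; sso-admin create_account_assignment, list_account_assignments) are real, but the script runs offline against constructed in-memory stand-ins for the two clients. The identity store ID, instance ARN, permission set ARN, account ID, user and group names, and the functions provision_group_access, principal_exists, find_orphaned_assignments and run_demo are the example's own assumptions.

```python
"""Provision a user, a group and a group-to-account assignment in IAM Identity Center,
then audit for assignments whose principal no longer exists in the identity store.

Added illustration, not AWS's own code. The boto3 operations called are real; the IDs,
ARNs, names and the in-memory fake clients are constructed placeholders so the script
runs offline (swap them for boto3.client("identitystore") / boto3.client("sso-admin"))."""
from types import SimpleNamespace

# Constructed placeholder identifiers, not real resources.
IDENTITY_STORE_ID = "d-0000000000"
INSTANCE_ARN = "arn:aws:sso:::instance/ssoins-0000000000000000"
PERMISSION_SET_ARN = "arn:aws:sso:::permissionSet/ssoins-0000000000000000/ps-0000000000000000"
ACCOUNT_ID = "111122223333"


def provision_group_access(idstore, sso_admin, user_name, given, family, group_name, account_id):
    """The page's three steps: create user and group, add the user to the group, assign the group."""
    user = idstore.create_user(IdentityStoreId=IDENTITY_STORE_ID, UserName=user_name,
                               DisplayName=f"{given} {family}",
                               Name={"GivenName": given, "FamilyName": family})
    group = idstore.create_group(IdentityStoreId=IDENTITY_STORE_ID, DisplayName=group_name)
    idstore.create_group_membership(IdentityStoreId=IDENTITY_STORE_ID, GroupId=group["GroupId"],
                                    MemberId={"UserId": user["UserId"]})
    # Assign the group, not the user, so access follows group membership.
    sso_admin.create_account_assignment(
        InstanceArn=INSTANCE_ARN, TargetId=account_id, TargetType="AWS_ACCOUNT",
        PermissionSetArn=PERMISSION_SET_ARN, PrincipalType="GROUP", PrincipalId=group["GroupId"])
    return user["UserId"], group["GroupId"]


def principal_exists(idstore, principal_type, principal_id):
    """True if an assignment's principal still resolves in the identity store."""
    describe, key = ((idstore.describe_group, "GroupId") if principal_type == "GROUP"
                     else (idstore.describe_user, "UserId"))
    try:
        describe(IdentityStoreId=IDENTITY_STORE_ID, **{key: principal_id})
        return True
    except idstore.exceptions.ResourceNotFoundException:
        return False


def find_orphaned_assignments(idstore, sso_admin, account_id, permission_set_arn):
    """Assignments whose principal is gone: expected empty for the Identity Center store,
    non-empty after a deletion in a connected Microsoft AD (a real run also pages via NextToken)."""
    page = sso_admin.list_account_assignments(
        InstanceArn=INSTANCE_ARN, AccountId=account_id, PermissionSetArn=permission_set_arn)
    return [a for a in page["AccountAssignments"]
            if not principal_exists(idstore, a["PrincipalType"], a["PrincipalId"])]


class FakeIdentityStore:
    """Constructed stand-in for boto3.client('identitystore'). As in a connected directory,
    removing an identity here leaves its assignments untouched."""
    exceptions = SimpleNamespace(  # mirrors the real client's .exceptions namespace
        ResourceNotFoundException=type("ResourceNotFoundException", (Exception,), {}))

    def __init__(self):
        self.objects = {}  # UserId or GroupId -> attributes

    def _create(self, key, kw):
        oid = f"{key[0].lower()}-{len(self.objects) + 1}"  # u-1, g-2, ...
        self.objects[oid] = kw
        return {key: oid, "IdentityStoreId": kw["IdentityStoreId"]}

    def _describe(self, key, kw):
        if kw[key] not in self.objects:
            raise self.exceptions.ResourceNotFoundException(kw[key])
        return {key: kw[key], **self.objects[kw[key]]}

    def create_user(self, **kw):
        return self._create("UserId", kw)

    def create_group(self, **kw):
        return self._create("GroupId", kw)

    def create_group_membership(self, **kw):
        self.objects[kw["GroupId"]].setdefault("Members", []).append(kw["MemberId"]["UserId"])
        return {"MembershipId": f"m-{len(self.objects)}", "IdentityStoreId": kw["IdentityStoreId"]}

    def describe_user(self, **kw):
        return self._describe("UserId", kw)

    def describe_group(self, **kw):
        return self._describe("GroupId", kw)


class FakeSsoAdmin:
    """Constructed stand-in for boto3.client('sso-admin')."""
    def __init__(self):
        self.assignments = []

    def create_account_assignment(self, **kw):
        a = {"AccountId": kw["TargetId"], "PermissionSetArn": kw["PermissionSetArn"],
             "PrincipalType": kw["PrincipalType"], "PrincipalId": kw["PrincipalId"]}
        self.assignments.append(a)
        return {"AccountAssignmentCreationStatus": {"Status": "SUCCEEDED", **a}}

    def list_account_assignments(self, **kw):
        return {"AccountAssignments": [a for a in self.assignments if a["AccountId"] == kw["AccountId"]
                                       and a["PermissionSetArn"] == kw["PermissionSetArn"]]}


def run_demo():
    """Provision, confirm no orphans, then drop the group as a directory deletion would and detect it."""
    idstore, sso_admin = FakeIdentityStore(), FakeSsoAdmin()
    _, gid = provision_group_access(idstore, sso_admin, "jdoe", "Jane", "Doe", "Developers", ACCOUNT_ID)
    before = find_orphaned_assignments(idstore, sso_admin, ACCOUNT_ID, PERMISSION_SET_ARN)
    del idstore.objects[gid]  # identity removed, assignment not cascaded
    after = find_orphaned_assignments(idstore, sso_admin, ACCOUNT_ID, PERMISSION_SET_ARN)
    return len(before), [a["PrincipalId"] for a in after]
```

Against a real instance, replace the two fakes with boto3.client("identitystore") and boto3.client("sso-admin") and run find_orphaned_assignments per account and permission set as a periodic check; it matters most when a connected Microsoft AD is the identity source, since that is the case in which the note above says assignments outlive the identity.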

Provisioning when users are in IAM Identity Center

When you create users and groups directly in IAM Identity Center, provisioning is automatic. These identities are immediately available for use in making assignments and for use by Identity Center-enabled applications. For more information, see User and group provisioning.