Manage identities in IAM Identity Center - AWS IAM Identity Center

Manage identities in IAM Identity Center

IAM Identity Center provides the following capabilities for your users and groups:

  • Create your users and groups.

  • Add your users as members to the groups.

  • Assign the groups the desired level of access to your AWS accounts and applications.

To manage users and groups in the IAM Identity Center store, AWS supports the API operations listed in Identity Center Actions.
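
The three capabilities above, chained through the API, as an added example that is not AWS's own code. It uses the boto3 operation names for the identitystore and sso-admin clients. The clients are passed in so the flow can be exercised offline: DryRunClient, provision_group_access and dry_run are hypothetical helper names, and every ID and ARN is a constructed placeholder.

```python
class DryRunClient:
    """Constructed stand-in for a boto3 client: records calls, returns canned replies."""
    def __init__(self, replies):
        self.replies, self.calls = replies, []

    def __getattr__(self, operation):
        def call(**kwargs):
            self.calls.append((operation, kwargs))
            return self.replies.get(operation, {})
        return call


def provision_group_access(identitystore, sso_admin, *, identity_store_id, instance_arn,
                           account_id, permission_set_arn, user, group_name):
    """Create a user and a group, join them, then grant the group account access."""
    user_id = identitystore.create_user(
        IdentityStoreId=identity_store_id,
        UserName=user["username"],
        DisplayName=f"{user['given_name']} {user['family_name']}",
        Name={"GivenName": user["given_name"], "FamilyName": user["family_name"]},
        Emails=[{"Value": user["email"], "Type": "work", "Primary": True}],
    )["UserId"]
    group_id = identitystore.create_group(
        IdentityStoreId=identity_store_id, DisplayName=group_name)["GroupId"]
    identitystore.create_group_membership(
        IdentityStoreId=identity_store_id, GroupId=group_id, MemberId={"UserId": user_id})
    # The principal is the group, never the user: access follows group membership.
    status = sso_admin.create_account_assignment(
        InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT",
        PermissionSetArn=permission_set_arn, PrincipalType="GROUP", PrincipalId=group_id,
    )["AccountAssignmentCreationStatus"]
    # The assignment is created asynchronously; the caller should poll this request.
    return {"user_id": user_id, "group_id": group_id,
            "assignment_status": status["Status"], "request_id": status.get("RequestId")}


def dry_run():
    """Run the workflow against constructed replies; every ID and ARN is a placeholder."""
    ids = DryRunClient({"create_user": {"UserId": "user-0001"},
                        "create_group": {"GroupId": "group-0001"}})
    sso = DryRunClient({"create_account_assignment": {"AccountAssignmentCreationStatus": {
        "Status": "IN_PROGRESS", "RequestId": "req-0001"}}})
    result = provision_group_access(
        ids, sso, identity_store_id="d-EXAMPLE", instance_arn="arn:aws:sso:::instance/EXAMPLE",
        account_id="111122223333", permission_set_arn="arn:aws:sso:::permissionSet/EXAMPLE/ps-EXAMPLE",
        user={"username": "jdoe", "given_name": "Jane", "family_name": "Doe",
              "email": "jdoe@example.com"}, group_name="ReadOnlyAuditors")
    return result, ids.calls + sso.calls


if __name__ == "__main__":
    result, calls = dry_run()
    print(result)
    for operation, kwargs in calls:
        print(operation, sorted(kwargs))
```

Against a real instance, pass boto3.client("identitystore") and boto3.client("sso-admin") in place of the stand-ins, then check the returned request with describe_account_assignment_creation_status until it leaves IN_PROGRESS.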

Provisioning when users are in IAM Identity Center

When you create users and groups directly in IAM Identity Center, provisioning is automatic. These identities are immediately available for use in making assignments and for use by applications. For more information, see User and group provisioning.

Changing your identity source

If you prefer to manage users in AWS Managed Microsoft AD, you can stop using your Identity Center directory at any time and instead connect IAM Identity Center to your directory in Microsoft AD by using AWS Directory Service. For more information, see considerations for Changing between IAM Identity Center and Active Directory.

If you prefer to manage users in an external identity provider (IdP), you can connect IAM Identity Center to your IdP and enable automatic provisioning. For more information, see considerations for Changing from IAM Identity Center to an external IdP.