IAM Identity Center and AWS Organizations - AWS IAM Identity Center

IAM Identity Center and AWS Organizations

AWS Organizations is recommended, but not required, for use with IAM Identity Center. If you haven't set up an organization, you don't have to. When you enable IAM Identity Center, you choose whether to enable the service with AWS Organizations. When you set up an organization, the AWS account that sets it up becomes the management account of the organization, and the root user of that AWS account becomes the owner of the organization's management account. Any additional AWS accounts you invite to your organization are member accounts. The management account creates the organization's resources, organizational units, and policies that manage the member accounts. The management account delegates permissions to member accounts.

Note

We recommend that you enable IAM Identity Center with AWS Organizations, which creates an organization instance of IAM Identity Center. An organization instance is our recommended best practice because it supports all features of IAM Identity Center and provides central management capabilities. For more information, see Organization and account instances of IAM Identity Center.

If you've already set up AWS Organizations and are going to add IAM Identity Center to your organization, make sure that all AWS Organizations features are enabled. When you create an organization, enabling all features is the default. For more information, see Enabling all features in your organization in the AWS Organizations User Guide.

To enable IAM Identity Center, you must sign in to the AWS Management Console with your AWS Organizations management account, either as a user that has administrative credentials or as the root user (not recommended unless no other administrative users exist). You can't enable IAM Identity Center while signed in with administrative credentials from an AWS Organizations member account. For more information, see Creating and managing an AWS Organization in the AWS Organizations User Guide.
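The prerequisites above can be checked before you attempt to enable the service. The following is an added example, not code from the AWS documentation: it evaluates the parsed output of `aws organizations describe-organization` and `aws sts get-caller-identity`. The function name `preflight`, the finding codes, and the sample account IDs and ARNs are assumptions constructed for illustration.

```python
# Constructed sample responses (placeholder IDs), in the shape returned by
# `aws organizations describe-organization` and `aws sts get-caller-identity`.
SAMPLE_ORG = {"Organization": {"Id": "o-exampleorgid",
                               "FeatureSet": "CONSOLIDATED_BILLING",
                               "MasterAccountId": "111111111111"}}
SAMPLE_CALLER_MEMBER = {"Account": "222222222222",
                        "Arn": "arn:aws:iam::222222222222:user/admin"}
SAMPLE_CALLER_ROOT = {"Account": "111111111111",
                      "Arn": "arn:aws:iam::111111111111:root"}

MESSAGES = {
    "NO_ORGANIZATION": "account is not in an organization; the recommended "
                       "organization instance requires AWS Organizations",
    "FEATURES_NOT_ALL": "organization does not have all features enabled",
    "NOT_MANAGEMENT_ACCOUNT": "caller is in a member account; sign in to the "
                              "management account instead",
    "ROOT_USER": "caller is the root user; use an administrative user unless "
                 "none exists",
}


def preflight(org_response, caller):
    """Return (blockers, warnings) as lists of finding codes.

    org_response is None when the account is not part of an organization.
    """
    blockers, warnings = [], []
    if org_response is None:
        warnings.append("NO_ORGANIZATION")
        return blockers, warnings
    org = org_response["Organization"]
    # All features must be enabled, not only consolidated billing.
    if org.get("FeatureSet") != "ALL":
        blockers.append("FEATURES_NOT_ALL")
    # Enabling is only possible from the management account.
    if caller["Account"] != org["MasterAccountId"]:
        blockers.append("NOT_MANAGEMENT_ACCOUNT")
    elif caller["Arn"].endswith(":root"):
        # Allowed, but not recommended when other admin users exist.
        warnings.append("ROOT_USER")
    return blockers, warnings


if __name__ == "__main__":
    blockers, warnings = preflight(SAMPLE_ORG, SAMPLE_CALLER_MEMBER)
    for code in blockers:
        print("BLOCKER:", MESSAGES[code])
    for code in warnings:
        print("WARNING:", MESSAGES[code])
```
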

For more information on managing your AWS Organizations, see the following: