Provision users and groups from Active Directory
IAM Identity Center provides the following two ways to provision users and groups from Active Directory.
- IAM Identity Center configurable Active Directory (AD) sync (recommended) — With this sync method, you can do the following:
  - Control data boundaries by explicitly defining the users and groups in Microsoft Active Directory that are automatically synchronized into IAM Identity Center. You can add users and groups or remove users and groups to change the scope of the sync at any time.
  - Assign synchronized users and groups single sign-on access to AWS accounts or access to applications. The applications can be AWS managed applications or customer managed applications.
  - Control the synchronization process by pausing and resuming the sync as needed. This helps you regulate the load on production systems.
- IAM Identity Center AD sync — With this sync method, you use IAM Identity Center to assign users and groups in Active Directory access to AWS accounts and to applications. All identities with assignments are automatically synced into IAM Identity Center.