Step 7: Set up AWS account access for additional users (optional) - AWS IAM Identity Center (successor to AWS Single Sign-On)

Now that you've created an administrative user in IAM Identity Center and assigned an additional permission set that you can use to perform tasks with least-privileged permissions, you can add other users. You can add users by doing any of the following:

After you add other users, create permission sets for these users and assign the users to the new permission sets as needed to grant them single sign-on access to one or more AWS accounts in your organization.

If you are using the default Identity Center directory as an identity source, after your users accept their invitation to activate their account and they sign in to the AWS access portal, the only icons that appear in the portal are for the AWS accounts to which the users are assigned. Users who are assigned to multiple permission sets can sign in to the AWS access portal, choose an account, and then choose a role that was created from an assigned permission set.

For information about how to assign additional users single sign-on access to your AWS accounts by using the console, see Assign user access to AWS accounts. Alternatively, you can use AWS CloudFormation to create and assign permission sets and assign users to those permission sets. Users can then sign in to the AWS access portal or use AWS Command Line Interface (AWS CLI) commands.
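
The CloudFormation route mentioned above can look like the following template, which creates one least-privilege permission set and assigns a single user to it in one account. This is an added example, not a template from the AWS documentation; the resource names, the permission set name, the one-hour session length, and the extra deny statement are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Illustrative read-only permission set with one user assignment.

# Deploy from the account and Region that host the IAM Identity Center instance.
Parameters:
  InstanceArn:
    Type: String
    Description: ARN of the IAM Identity Center instance.
  PrincipalId:
    Type: String
    Description: Identity store ID of the user to assign.
  TargetAccountId:
    Type: String
    AllowedPattern: "^[0-9]{12}$"
    Description: 12-digit ID of the AWS account the user may access.

Resources:
  ReadOnlyPermissionSet:            # hypothetical logical name
    Type: AWS::SSO::PermissionSet
    Properties:
      InstanceArn: !Ref InstanceArn
      Name: ReadOnlyAuditor         # hypothetical permission set name
      Description: Read-only access for additional users
      SessionDuration: PT1H         # short session, ISO 8601 duration
      ManagedPolicies:
        - arn:aws:iam::aws:policy/ReadOnlyAccess
      InlinePolicy:                 # assumption: keep secret values out of read-only scope
        Version: "2012-10-17"
        Statement:
          - Sid: DenySecretReads
            Effect: Deny
            Action: secretsmanager:GetSecretValue
            Resource: "*"

  ReadOnlyAssignment:               # hypothetical logical name
    Type: AWS::SSO::Assignment
    Properties:
      InstanceArn: !Ref InstanceArn
      PermissionSetArn: !GetAtt ReadOnlyPermissionSet.PermissionSetArn
      PrincipalType: USER           # GROUP is the other accepted value
      PrincipalId: !Ref PrincipalId
      TargetType: AWS_ACCOUNT
      TargetId: !Ref TargetAccountId
```

After the stack is created, the assigned user sees only the target account in the AWS access portal, with a role derived from this permission set.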