Supported identity providers

You can use IAM Identity Center to authenticate identities from external identity providers (IdPs) through the Security Assertion Markup Language (SAML) 2.0 standard. This enables your users to sign in to the AWS access portal with their corporate credentials. They can then navigate to their assigned accounts, roles, and applications hosted in external IdPs.

The SAML protocol does not provide a way to query the IdP to learn about users and groups. Therefore, you must make IAM Identity Center aware of those users and groups by provisioning them into IAM Identity Center.

IAM Identity Center has tested the SCIM implementation with several external identity providers (IdPs). The following IdPs are currently supported:

There are different prerequisites, considerations, and provisioning procedures for the different supported external IdPs.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Certificate expiration status indicators

CyberArk