MIDASEC05-BP02 Build user identity solutions
Deploy centralized identity systems that integrate with existing directories and cloud resources to manage user authentication and authorization efficiently.
Desired outcome: Consistent and secure identity management across all industrial and cloud systems.
Benefits of establishing this best practice: Improves user lifecycle management, simplifies access governance, and enhances login security with MFA and federation.
Level of risk exposed if this best practice is not established: Medium
Implementation guidance
Use AWS IAM Identity Center as the central point for workforce access to AWS accounts, either with its built-in identity store or connected to the identity provider you already run (Active Directory or a SAML 2.0 provider), so that one identity source governs access to both industrial and cloud systems.
Implementation steps
- Deploy IAM Identity Center as the central point of identity control for your AWS accounts.
- Enable federation with the existing Active Directory or SAML 2.0 identity provider so users keep a single set of credentials and deprovisioning happens in one place.
- Require MFA for all privileged roles and access points; when federating, enforce it in the identity provider as well, because that is where the user actually authenticates.
- Log all authentication events with AWS CloudTrail (for example ConsoleLogin and AssumeRoleWithSAML events) and review them for successful sign-ins without MFA, root account use, and failed logins.
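As a worked check for the last step, the following added example (it is not part of the lens and not AWS code) parses CloudTrail records in the shape CloudTrail writes them and flags sign-ins that bypass the controls above: successful console logins without MFA, root account use, and failed logins. Federated SAML sign-ins are listed separately, because CloudTrail cannot see whether the identity provider required MFA, so they need correlating with the provider's own logs. The records are constructed for the example; account IDs, ARNs, user names and IP addresses are invented. The same pattern extends to the event names IAM Identity Center emits.

```python
"""Audit CloudTrail sign-in records for missing MFA, root use and failures.

Added example for this best practice, not AWS's own code. It runs on
constructed sample records; real records from an S3 log file or the
LookupEvents API have the same {"Records": [...]} shape.
"""
import json
from typing import Iterator

# Constructed sample records shaped like real ConsoleLogin and
# AssumeRoleWithSAML events. Account IDs, ARNs and addresses are invented.
SAMPLE_LOG = json.dumps({"Records": [
    {
        "eventTime": "2024-05-01T08:00:00Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/plant-admin"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {
        "eventTime": "2024-05-01T08:05:00Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "203.0.113.11",
        "userIdentity": {"type": "Root",
                         "arn": "arn:aws:iam::111122223333:root"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
    {
        "eventTime": "2024-05-01T08:10:00Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/contractor"},
        "responseElements": {"ConsoleLogin": "Failure"},
        "additionalEventData": {"MFAUsed": "No"},
        "errorMessage": "Failed authentication",
    },
    {
        "eventTime": "2024-05-01T08:15:00Z",
        "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRoleWithSAML",
        "sourceIPAddress": "203.0.113.12",
        "userIdentity": {"type": "SAMLUser", "userName": "jdoe@example.com"},
        "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/Engineer"},
    },
]})


def iter_records(raw: str) -> Iterator[dict]:
    """Yield individual records from a CloudTrail log body."""
    yield from json.loads(raw).get("Records", [])


def classify(rec: dict) -> list[str]:
    """Return finding tags for one record; an empty list means nothing to flag."""
    findings: list[str] = []
    ident = rec.get("userIdentity", {})
    if rec.get("eventName") == "ConsoleLogin":
        success = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
        mfa = rec.get("additionalEventData", {}).get("MFAUsed") == "Yes"
        if not success:
            findings.append("failed-console-login")
        elif not mfa:
            # A successful sign-in that did not present MFA is the finding the
            # MFA step above is meant to make impossible.
            findings.append("console-login-without-mfa")
        if ident.get("type") == "Root":
            # Root use is always worth a ticket, MFA or not.
            findings.append("root-account-used")
    elif rec.get("eventName") == "AssumeRoleWithSAML":
        # Informational: MFA for federated users is enforced at the IdP, so
        # correlate these with the IdP's logs instead of judging them here.
        findings.append("saml-federated-signin")
    return findings


def principal(rec: dict) -> str:
    """Best available name for the principal behind a record."""
    ident = rec.get("userIdentity", {})
    return ident.get("arn") or ident.get("userName") or "unknown"


def audit_signins(raw: str) -> dict[str, list[str]]:
    """Map each finding tag to the principals that triggered it."""
    report: dict[str, list[str]] = {}
    for rec in iter_records(raw):
        for tag in classify(rec):
            report.setdefault(tag, []).append(principal(rec))
    return report


if __name__ == "__main__":
    for tag, who in audit_signins(SAMPLE_LOG).items():
        print(f"{tag}: {', '.join(who)}")
```

Run it as a scheduled job against the CloudTrail bucket or feed the same `classify` logic into an EventBridge rule target, so that a sign-in without MFA or any root sign-in raises an alert rather than waiting for a periodic review.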