AWS - IAM

Configure AWS IAM at Scale

IAM Identity Center

AWS IAM Identity Center provides a single, organization-level identity and access layer for your AWS Organization. Plain IAM manages users, groups, roles and policies inside one account, so multi-account estates built on IAM alone end up with duplicated users and long-lived access keys in every account. IAM Identity Center is enabled once from the management account (or a delegated administrator account) and lets you hold identities, permission sets and single sign-on (SSO) in one place; a permission set assigned to a member account is materialised there as an IAM role, so people get short-lived role credentials instead of per-account IAM users.

Key Features

Feature            | Description                                                                                  | Benefit
Centralized Access | Assign permission sets to users or groups for any member account in the Organization          | One consistent, auditable permission model instead of per-account IAM users
User Identities    | Create users in the built-in identity store or connect an external IdP (Okta, Microsoft AD)   | Identities are provisioned once (via SCIM or AD Connector) rather than recreated as IAM users in each account
Single Sign-On     | Sign in once through the access portal to reach assigned AWS accounts and cloud applications  | One login, short-lived credentials, a single place to revoke access

[Figure: IAM Identity Center features: centralized access, user identities, single sign-on]


Demo: Enabling IAM Identity Center

Follow these steps to enable IAM Identity Center (formerly AWS SSO) in your Organization.

Note

Ensure your AWS Organization is active and you have Management Account privileges before proceeding.

1. Verify SSO Status in a Member Account

  1. Sign in to a member account.
  2. Go to IAM Identity Center in the AWS Console.
  3. The console reports that IAM Identity Center is not enabled. A member account cannot enable it for the Organization; that is a management-account operation.

2. Enable in the Management Account

  1. Switch to your Management Account.
  2. Open the IAM Identity Center page in the Region you want the instance to live in. IAM Identity Center is regional and an Organization gets one instance, so choose the Region deliberately.
  3. Click Enable IAM Identity Center. This creates the Organization's Identity Center instance and its identity store. Enabling it grants nobody access by itself: users only reach a member account once you create a permission set and assign it to them (or, preferably, to a group) for that account.

[Slide: "Demo: Enable IAM Identity Center"]

(Optional) CLI Check

There is no enable-sso operation in the AWS CLI: the Organization instance of IAM Identity Center is enabled from the console in the management account, as above. (aws sso-admin create-instance exists, but it creates a standalone account instance for a single account, not the Organization instance.) What the CLI can do is confirm that the instance exists and return its ARN and identity store ID, which every later sso-admin and identitystore call needs:

aws sso-admin list-instances \
  --region us-east-1

An empty Instances list means Identity Center is not enabled in that Region; query the Region you enabled it in.
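The checks a practitioner runs after clicking Enable, plus the first least-privilege assignment, as an added example that is not part of the course page or AWS's own tooling. The pure functions validate real API response shapes using constructed sample responses embedded below (fake account IDs, instance ARN and identity store ID), so the module runs offline; bootstrap_read_only_access is the live path and assumes boto3, management-account credentials, an existing Identity Center group looked up by displayName, and placeholder account and group names.

```python
"""Post-enable checks and a first permission-set assignment for IAM Identity Center.

Added example (not from the original page). The boto3 calls are the real
sso-admin / identitystore / organizations / sts operations; the sample
responses are constructed for offline use and every ID in them is fake.
"""
from __future__ import annotations

import re

# Constructed sample API responses: shape follows the real responses, values are fake.
SAMPLE_ORG = {"Organization": {"Id": "o-exampleorgid", "MasterAccountId": "111111111111"}}
SAMPLE_CALLER_MGMT = {"Account": "111111111111", "Arn": "arn:aws:iam::111111111111:user/admin"}
SAMPLE_CALLER_MEMBER = {"Account": "222222222222", "Arn": "arn:aws:iam::222222222222:user/admin"}
SAMPLE_INSTANCES_ENABLED = {
    "Instances": [
        {
            "InstanceArn": "arn:aws:sso:::instance/ssoins-0000000000000000",
            "IdentityStoreId": "d-0000000000",
        }
    ]
}
SAMPLE_INSTANCES_DISABLED = {"Instances": []}  # what a not-yet-enabled Region returns

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def caller_is_management_account(org_description: dict, caller_identity: dict) -> bool:
    """Identity Center for an Organization is enabled and administered from the
    management account: compare Organizations' MasterAccountId with the STS caller."""
    return org_description["Organization"]["MasterAccountId"] == caller_identity["Account"]


def identity_center_instance(list_instances_response: dict) -> tuple[str, str] | None:
    """Return (InstanceArn, IdentityStoreId) when Identity Center is enabled, else None."""
    instances = list_instances_response.get("Instances", [])
    if not instances:
        return None
    first = instances[0]
    return first["InstanceArn"], first["IdentityStoreId"]


def assignment_request(instance_arn: str, permission_set_arn: str,
                       account_id: str, group_id: str) -> dict:
    """Build create_account_assignment arguments. Assign to a GROUP, not a USER,
    so access is granted and revoked through group membership."""
    if not ACCOUNT_ID_RE.fullmatch(account_id):
        raise ValueError(f"not a 12-digit AWS account id: {account_id!r}")
    return {
        "InstanceArn": instance_arn,
        "TargetId": account_id,
        "TargetType": "AWS_ACCOUNT",
        "PermissionSetArn": permission_set_arn,
        "PrincipalType": "GROUP",
        "PrincipalId": group_id,
    }


def bootstrap_read_only_access(account_id: str, group_name: str, region: str = "us-east-1") -> dict:
    """Live path (needs boto3 and management-account credentials): confirm the instance
    exists, create a 1-hour ReadOnlyAccess permission set, assign it to one group for
    one member account. Nothing here is granted by enabling Identity Center alone."""
    import boto3  # imported here so the offline checks above work without it

    session = boto3.Session(region_name=region)
    if not caller_is_management_account(
        session.client("organizations").describe_organization(),
        session.client("sts").get_caller_identity(),
    ):
        raise PermissionError("run this from the Organizations management account")

    sso = session.client("sso-admin")
    found = identity_center_instance(sso.list_instances())
    if found is None:
        raise RuntimeError(f"IAM Identity Center is not enabled in {region}; enable it in the console first")
    instance_arn, identity_store_id = found

    ps_arn = sso.create_permission_set(
        InstanceArn=instance_arn, Name="ReadOnly", SessionDuration="PT1H",
    )["PermissionSet"]["PermissionSetArn"]
    sso.attach_managed_policy_to_permission_set(
        InstanceArn=instance_arn, PermissionSetArn=ps_arn,
        ManagedPolicyArn="arn:aws:iam::aws:policy/ReadOnlyAccess",
    )
    group_id = session.client("identitystore").get_group_id(
        IdentityStoreId=identity_store_id,
        AlternateIdentifier={"UniqueAttribute": {"AttributePath": "displayName",
                                                 "AttributeValue": group_name}},
    )["GroupId"]
    return sso.create_account_assignment(**assignment_request(instance_arn, ps_arn, account_id, group_id))


if __name__ == "__main__":
    # Offline walk-through on the constructed samples; no AWS calls are made.
    print("caller is management account:", caller_is_management_account(SAMPLE_ORG, SAMPLE_CALLER_MGMT))
    print("instance:", identity_center_instance(SAMPLE_INSTANCES_ENABLED))
    print("instance (disabled Region):", identity_center_instance(SAMPLE_INSTANCES_DISABLED))
```

create_account_assignment is asynchronous; the returned AccountAssignmentCreationStatus can be polled with describe_account_assignment_creation_status before telling the group their access is live. The permission set name, session duration and managed policy are placeholders chosen for a first, read-only rollout.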
