AWS - IAM
Configure AWS IAM at Scale
IAM Identity Center
AWS IAM Identity Center provides a unified, organizational-level identity management solution for your AWS Organization. While AWS IAM manages users and groups within a single account, IAM Identity Center lets you centralize access, identities, and single sign-on (SSO) across multiple member accounts from your management account.
Key Features
Feature | Description | Benefit |
---|---|---|
Centralized Access | Assign and manage permissions across all member accounts in your Organization | Consistent, audit-ready permission model |
User Identities | Create users in AWS or connect to external identity providers (Okta, AD) | Flexible identity source, no separate sync |
Single Sign-On (SSO) | Integrate cloud apps and AWS accounts for seamless access | One-click access to all authorized resources |
Demo: Enabling IAM Identity Center
Follow these steps to enable IAM Identity Center (formerly AWS SSO) in your Organization.
Note
Ensure your AWS Organization is active and you have Management Account privileges before proceeding.
1. Verify SSO Status in a Member Account
- Sign in to a member account.
- Go to IAM Identity Center in the AWS Console.
- You’ll see a message indicating SSO isn’t enabled yet.
2. Enable in the Management Account
- Switch to your Management Account.
- Open the IAM Identity Center page.
- Click Enable IAM Identity Center to activate SSO for all member accounts.
(Optional) CLI Verification
The organization instance of IAM Identity Center is enabled from the console as in step 2; the AWS CLI has no enable-sso operation under aws sso-admin. Once it is enabled, confirm the instance from the management account with the CLI (an empty Instances list means IAM Identity Center is not enabled yet):
aws sso-admin list-instances \
--region us-east-1
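The console steps above enable IAM Identity Center; the "audit-ready permission model" it promises is only useful if you actually enumerate what was assigned. The script below is an example added to this page, not AWS's own code or tooling. It calls the same sso-admin operations the CLI exposes (list-instances, list-permission-sets, describe-permission-set, list-accounts-for-provisioned-permission-set, list-account-assignments), handles NextToken pagination, and produces an account-by-account list of who holds which permission set. The FakeSsoAdmin client, its instance and permission-set ARNs, account ids and principal ids are all constructed placeholders so the script runs offline; swap in live_client() from the management account for a real audit.

```python
"""Audit IAM Identity Center account assignments across an AWS Organization.

Added example, not AWS's code. Uses boto3 sso-admin operations; the
FakeSsoAdmin client and every id it returns are constructed placeholders.
"""
from collections import defaultdict


def _paginate(call, result_key, **kwargs):
    """Collect every page of a NextToken-style sso-admin list operation."""
    token = None
    while True:
        params = dict(kwargs)
        if token:
            params["NextToken"] = token
        page = call(**params)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:
            return


def identity_center_instances(client):
    """Return the Identity Center instances visible to the calling account.

    An empty list is what step 1 above shows in a member account, or in a
    management account where IAM Identity Center has not been enabled yet.
    """
    return list(_paginate(client.list_instances, "Instances"))


def audit_assignments(client):
    """Map account id -> [(permission-set name, principal type, principal id)]."""
    report = defaultdict(list)
    for inst in identity_center_instances(client):
        arn = inst["InstanceArn"]
        for ps_arn in _paginate(client.list_permission_sets, "PermissionSets", InstanceArn=arn):
            ps_name = client.describe_permission_set(
                InstanceArn=arn, PermissionSetArn=ps_arn)["PermissionSet"]["Name"]
            for account in _paginate(client.list_accounts_for_provisioned_permission_set,
                                     "AccountIds", InstanceArn=arn, PermissionSetArn=ps_arn):
                for a in _paginate(client.list_account_assignments, "AccountAssignments",
                                   InstanceArn=arn, AccountId=account, PermissionSetArn=ps_arn):
                    report[account].append((ps_name, a["PrincipalType"], a["PrincipalId"]))
    return dict(report)


class FakeSsoAdmin:
    """Constructed stand-in for boto3.client('sso-admin'); all ids are placeholders."""
    INSTANCE = "arn:aws:sso:::instance/ssoins-EXAMPLE"
    ADMIN = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-admin"
    READ = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-readonly"

    def list_instances(self, **_):
        return {"Instances": [{"InstanceArn": self.INSTANCE, "IdentityStoreId": "d-EXAMPLE"}]}

    def list_permission_sets(self, NextToken=None, **_):
        # Two pages, so the pagination path is exercised offline.
        if NextToken is None:
            return {"PermissionSets": [self.ADMIN], "NextToken": "page2"}
        return {"PermissionSets": [self.READ]}

    def describe_permission_set(self, PermissionSetArn, **_):
        name = "AdministratorAccess" if PermissionSetArn == self.ADMIN else "ReadOnlyAccess"
        return {"PermissionSet": {"Name": name, "PermissionSetArn": PermissionSetArn}}

    def list_accounts_for_provisioned_permission_set(self, PermissionSetArn, **_):
        accounts = {self.ADMIN: ["111111111111"], self.READ: ["111111111111", "222222222222"]}
        return {"AccountIds": accounts[PermissionSetArn]}

    def list_account_assignments(self, AccountId, PermissionSetArn, **_):
        principal = "GROUP" if PermissionSetArn == self.ADMIN else "USER"
        return {"AccountAssignments": [{"AccountId": AccountId, "PermissionSetArn": PermissionSetArn,
                                        "PrincipalType": principal,
                                        "PrincipalId": f"{principal.lower()}-EXAMPLE"}]}


def live_client(region="us-east-1"):
    """Real client for a live audit; boto3 is imported lazily so the offline demo needs no SDK."""
    import boto3
    return boto3.client("sso-admin", region_name=region)


if __name__ == "__main__":
    client = FakeSsoAdmin()  # replace with live_client() in the management account
    if not identity_center_instances(client):
        print("IAM Identity Center is not enabled for this account or organization.")
    for account, rows in sorted(audit_assignments(client).items()):
        for ps_name, ptype, pid in rows:
            print(f"{account}  {ps_name:<22} {ptype:<6} {pid}")
```

Run it as-is to see the constructed report; with a live client the caller needs sso:ListInstances, sso:ListPermissionSets, sso:DescribePermissionSet, sso:ListAccountsForProvisionedPermissionSet and sso:ListAccountAssignments in the management account. Principal ids are Identity Store ids; resolving them to user or group names is a separate identitystore lookup not shown here.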