AWS IAM Identity Center のアイコン

AWS IAM Identity Center Popular2017年〜

A service that provides single sign-on to multiple AWS accounts and SaaS applications

About 2 min read

What It Does

AWS IAM Identity Center (formerly AWS SSO) is a service that provides single sign-on (SSO) to multiple AWS accounts and business applications. With a single login, you can access multiple accounts and applications, and manage users and access permissions centrally.

Use Cases

Used for managing developer access in multi-account environments, SSO to SaaS applications (Salesforce, Microsoft 365, etc.), integration with external IdPs (Okta, Azure AD), and issuing temporary credentials.

Everyday Analogy

Think of it like an office building where one employee badge gets you into every floor. Instead of carrying separate keys for each floor (account), a single badge (SSO) grants access to all the floors you're authorized to enter.

What Is IAM Identity Center?

AWS IAM Identity Center is the core access management service for AWS multi-account environments. From the user portal, you can access assigned AWS accounts and applications via SSO. Integration with AWS CLI v2 also enables SSO authentication from the command line.

Permission Sets and Identity Sources

A permission set is a template of IAM policies to assign to users. You assign permission sets to users or groups and specify the target accounts. For the identity source, you can choose from the Identity Center built-in directory, Active Directory, or an external IdP (SAML 2.0). To deepen your practical knowledge of permission sets and identity sources, specialized books on Amazon are helpful.

Getting Started

Enable IAM Identity Center in the console and select an identity source. Create users and groups, define permission sets, and assign them to AWS accounts. Users log in through the portal URL and can access the management console or CLI for their assigned accounts.

Things to Watch Out For

  • IAM Identity Center requires AWS Organizations to be enabled. It cannot be used with a single account
  • IAM Identity Center itself is free. Integration with an external IdP may incur separate charges from that IdP
共有するXB!

Related Services

AWS Organizations iconAWS OrganizationsA service for centrally managing multiple AWS accountsAWS IAM iconAWS IAMAn authentication and authorization service for securely managing access to AWS resourcesAWS Directory Service iconAWS Directory ServiceA service that provides managed Active Directory on AWSAmazon Cognito iconAmazon CognitoA service that provides authentication, authorization, and user management for web and mobile applications

Related Articles

Building a Multi-Account Environment with AWS Control Tower - Landing Zone and GuardrailsAutomatically build a best-practice multi-account environment and maintain continuous compliance with over 400 guardrails. Learn extension techniques using Account Factory and Customizations for Control Tower.Active Directory Integration - Extending Your On-Premises Identity Infrastructure to the Cloud with AWS Directory ServiceLearn how to integrate Active Directory with the cloud using AWS Directory Service. This article covers how to choose between AWS Managed Microsoft AD, AD Connector, and Simple AD, and how to integrate with WorkSpaces, RDS, and FSx.Single Sign-On with AWS IAM Identity Center - Multi-Account Access ManagementAchieve single sign-on for multi-account environments and control access levels to each account with permission sets. Covers external IdP integration and ABAC usage.SSO and Identity Management - Centralized Authentication with AWS IAM Identity CenterLearn how to implement single sign-on and multi-account access management with AWS IAM Identity Center (formerly AWS SSO). Covers external IdP integration, permission set design, and how it differs from Cognito.Zero Trust Network Access - VPN-Free Secure Access with AWS Verified AccessLearn about VPN-less zero trust access with AWS Verified Access. Covers identity provider integration, device trust, policy-based access control, and comparison with traditional VPNs.

More in This Category

IAM Access Analyzer iconIAM Access Analyzer SpecializedA service that detects externally accessible resources and unused access permissionsAWS Certificate Manager iconAWS Certificate Manager EssentialA service that automates provisioning, management, and deployment of SSL/TLS certificatesAWS Artifact iconAWS Artifact SpecializedA service for on-demand access to AWS compliance reports and agreementsAWS Audit Manager iconAWS Audit Manager SpecializedA service that automates evidence collection and assessment for compliance auditsAWS CloudHSM iconAWS CloudHSM SpecializedA service for managing encryption keys using dedicated hardware security modulesAmazon Cognito iconAmazon Cognito PopularA service that provides authentication, authorization, and user management for web and mobile applicationsAmazon Detective iconAmazon Detective SpecializedA service that automatically analyzes security findings and investigates root causesAWS Directory Service iconAWS Directory Service SpecializedA service that provides managed Active Directory on AWS

Similar Articles and Services

Single Sign-On with AWS IAM Identity Center - Multi-Account Access ManagementAchieve single sign-on for multi-account environments and control access levels to each account with permission sets. Covers external IdP integration and ABAC usage.SSO and Identity Management - Centralized Authentication with AWS IAM Identity CenterLearn how to implement single sign-on and multi-account access management with AWS IAM Identity Center (formerly AWS SSO). Covers external IdP integration, permission set design, and how it differs from Cognito.AWS IAMAn authentication and authorization service for securely controlling access to AWS resources, providing fine-grained access management through users, groups, roles, and policies