# Trusted Identity Propagation for interactive workloads
<a name="security-iam-service-trusted-prop-interactive-workloads"></a>

The steps to propagate identity to interactive workloads through an Apache Livy endpoint depend on whether your users interact with Amazon managed development environment like Amazon SageMaker AI or your own self-hosted Notebook environment as client-facing application.

![EMR Serverless flowchart.](http://docs.amazonaws.cn/en_us/emr/latest/EMR-Serverless-UserGuide/images/PEZ-SMAI.png)


## Amazon managed development environment
<a name="security-iam-service-trusted-prop-aws-managed-development"></a>

The following Amazon managed client-facing application supports trusted identity propagation with EMR-Serverless Apache Livy endpoint:
+ [Amazon SageMaker AI](https://aws.amazon.com/sagemaker/ai/)

## Customer managed self-hosted Notebook environment
<a name="security-iam-service-trusted-prop-self-hosted-notebook"></a>

To enable trusted identity propagation for users of custom-developed applications, see to [Access Amazon services programmatically using trusted identity propagation](https://amazonaws-china.com/blogs/security/access-aws-services-programmatically-using-trusted-identity-propagation/) in the *Amazon Security Blog*.