Integrating IAM Identity Center - Amazon Lake Formation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Integrating IAM Identity Center

With Amazon IAM Identity Center, you can connect to identity providers (IdPs) and centrally manage access for users and groups across Amazon analytics services. You can integrate identity providers such as Okta, Ping, and Microsoft Entra ID (formerly Azure Active Directory) with IAM Identity Center so that users in your organization access data through a single sign-on experience. IAM Identity Center also supports connecting additional third-party identity providers.

For more information, see Supported identity providers in the Amazon IAM Identity Center User Guide.

You can configure Amazon Lake Formation as an enabled application in IAM Identity Center. Data lake administrators can then grant fine-grained permissions on Amazon Glue Data Catalog resources directly to the authorized Identity Center users and groups, rather than to IAM principals.

Users in your organization sign in to any Identity Center enabled application through your organization's identity provider and query datasets with Lake Formation permissions applied to their own identity. With this integration, you manage access to Amazon services without creating and mapping multiple IAM roles.
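The sequence described above, enabling Lake Formation as an Identity Center application, granting a group a table permission, and reading the grant back, as an added AWS CLI example. This is not code from the Lake Formation documentation. It assumes the aws CLI is configured as a data lake administrator, and the values of IDC_INSTANCE_ARN, IDC_GROUP_ID, DB_NAME and TABLE_NAME are placeholders you supply; the ID validation in lf_identity_center_principal is a deliberately loose sanity check, not the service's own rule.

```shell
#!/bin/sh
# Added example (not from the Lake Formation docs): wire Lake Formation to
# IAM Identity Center, grant an Identity Center group SELECT on one table,
# and verify the grant. Run with the argument "apply" to execute the aws
# calls; without it the file only defines the functions.

# Build the DataLakePrincipalIdentifier that Lake Formation expects for an
# Identity Center user or group: arn:aws:identitystore:::user/<id> or
# arn:aws:identitystore:::group/<id>. $1 is "user" or "group", $2 is the
# identity store ID of that user or group.
lf_identity_center_principal() {
  kind="$1"
  id="$2"
  case "$kind" in
    user|group) ;;
    *) echo "principal kind must be user or group, got '$kind'" >&2; return 1 ;;
  esac
  # Assumption: identity store IDs are opaque tokens of letters, digits and
  # hyphens. Reject anything else so a malformed or hostile value cannot
  # smuggle extra ARN segments or CLI arguments into the grant.
  case "$id" in
    ''|*[!A-Za-z0-9-]*) echo "invalid identity store id '$id'" >&2; return 1 ;;
  esac
  printf 'arn:aws:identitystore:::%s/%s\n' "$kind" "$id"
}

# Step 1: register Lake Formation as an enabled application on the
# Identity Center instance (once per account and Region), then read the
# configuration back. ApplicationArn in the output is the Identity Center
# application created for Lake Formation.
enable_identity_center_integration() {
  aws lakeformation create-lake-formation-identity-center-configuration \
    --instance-arn "$1"
  aws lakeformation describe-lake-formation-identity-center-configuration
}

# Step 2: grant the group SELECT on a single table. The grant targets the
# identity store group, so no IAM role is created or mapped.
grant_select_to_group() {
  principal="$(lf_identity_center_principal group "$1")" || return 1
  aws lakeformation grant-permissions \
    --principal "DataLakePrincipalIdentifier=$principal" \
    --permissions SELECT \
    --resource "{\"Table\":{\"DatabaseName\":\"$2\",\"Name\":\"$3\"}}"
}

# Step 3 (check): list what the group actually holds, which is what users
# signing in through the IdP will be evaluated against.
list_group_permissions() {
  principal="$(lf_identity_center_principal group "$1")" || return 1
  aws lakeformation list-permissions \
    --principal "DataLakePrincipalIdentifier=$principal"
}

if [ "${1:-}" = "apply" ]; then
  enable_identity_center_integration "${IDC_INSTANCE_ARN:?set IDC_INSTANCE_ARN}"
  grant_select_to_group "${IDC_GROUP_ID:?set IDC_GROUP_ID}" \
    "${DB_NAME:?set DB_NAME}" "${TABLE_NAME:?set TABLE_NAME}"
  list_group_permissions "$IDC_GROUP_ID"
fi
```

Run the grant and then the list step after any change: the list output is the authoritative record of what the group can read, independent of what the IdP asserts about membership.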

Note

Trusted identity propagation lets users access data across Amazon analytics services based on their existing user and group memberships. With trusted identity propagation, a user signs in to an application, and the application passes the user's identity in its requests to access data in Amazon services. You don't need to perform any service-specific identity provider configuration or IAM role setup. For more information, see Trusted identity propagation across applications in the Amazon IAM Identity Center User Guide.

For limitations, see IAM Identity Center integration limitations.