

# Accessing member accounts in an organization with Amazon Organizations
<a name="orgs_manage_accounts_access"></a>

When you create an account in your organization, Amazon Organizations automatically creates an IAM role that is named `OrganizationAccountAccessRole` by default. You can specify a different name when you create the account; however, we recommend that you name the role consistently across all of your accounts. Amazon Organizations doesn't create any other users or roles.

To access the accounts in your organization, you must use one of the following methods:

**Minimum permissions**  
To access an Amazon Web Services account from any other account in your organization, you must have the following permission:  
`sts:AssumeRole` – The `Resource` element must be set to either an asterisk (\*) or the account ID number of the account with the user who needs to access the new member account.
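
The following check is an added example, not part of the original documentation. It lists the accounts that an identity policy's `sts:AssumeRole` grants are scoped to and flags wildcard resources. The sample policy, account ID, and function names are constructed for illustration, and scoping `Resource` to the role ARN in the `aws-cn` partition is an assumption about how the permission would be narrowed.

```python
import fnmatch
import json

ROLE_NAME = "OrganizationAccountAccessRole"  # default role name stated on this page

# Constructed sample identity policy; the account ID is a placeholder.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Resource": "arn:aws-cn:iam::111111111111:role/OrganizationAccountAccessRole"},
    {"Effect": "Allow", "Action": ["sts:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts either a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def grants_assume_role(statement):
    """True if an Allow statement has an Action pattern that matches sts:AssumeRole."""
    if statement.get("Effect") != "Allow":
        return False
    # Action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase("sts:assumerole", action.lower())
               for action in _as_list(statement.get("Action", [])))


def audit_assume_role(policy, role_name=ROLE_NAME):
    """Return (scoped_account_ids, findings) for the policy's sts:AssumeRole grants."""
    accounts, findings = set(), []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if not grants_assume_role(stmt):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            parts = res.split(":", 5)
            # Expected ARN shape: arn:<partition>:iam::<account-id>:role/<name>
            if (len(parts) == 6 and parts[2] == "iam" and parts[4].isdigit()
                    and parts[5] == f"role/{role_name}"):
                accounts.add(parts[4])
            else:
                findings.append(f"Statement {i}: broad or unexpected Resource {res!r}")
    return sorted(accounts), findings
```

Calling `audit_assume_role(SAMPLE_POLICY)` returns the scoped account list and one finding for the `sts:*` statement. A wildcard `Resource` lets the principal call `AssumeRole` on any role whose trust policy accepts it, not only `OrganizationAccountAccessRole`.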

------
#### [ Using trusted access for IAM Identity Center ]

Use [Amazon IAM Identity Center](https://docs.amazonaws.cn/singlesignon/latest/userguide/what-is.html) and enable trusted access for IAM Identity Center with Amazon Organizations. This allows users to sign in to the Amazon access portal with their corporate credentials and access resources in their assigned management account or member accounts.

For more information, see [Multi-account permissions](https://docs.amazonaws.cn/singlesignon/latest/userguide/manage-your-accounts.html) in the *Amazon IAM Identity Center User Guide.* For information about setting up trusted access for IAM Identity Center, see [Amazon IAM Identity Center and Amazon Organizations](services-that-can-integrate-sso.md).

------
#### [ Using the IAM role OrganizationAccountAccessRole ]

If you create an account by using the tools provided as part of Amazon Organizations, you can access the account by using the preconfigured role named `OrganizationAccountAccessRole` that exists in all new accounts that you create this way. For more information, see [Accessing a member account that has OrganizationAccountAccessRole with Amazon Organizations](orgs_manage_accounts_access-cross-account-role.md).

If you invite an existing account to join your organization and the account accepts the invitation, you can then choose to create an IAM role that allows the management account to access the invited member account. This role is intended to be identical to the role automatically added to an account that is created with Amazon Organizations.

To create this role, see [Creating OrganizationAccountAccessRole for an invited account with Amazon Organizations](orgs_manage_accounts_create-cross-account-role.md).

After you create the role, you can access it using the steps in [Accessing a member account that has OrganizationAccountAccessRole with Amazon Organizations](orgs_manage_accounts_access-cross-account-role.md).

------

**Topics**
+ [Creating an IAM access role](orgs_manage_accounts_create-cross-account-role.md)
+ [Using the IAM access role](orgs_manage_accounts_access-cross-account-role.md)