Add users - Amazon IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Add users

Users and groups that you create in your Identity Center directory are available in IAM Identity Center only. Use the following procedure to add users to your Identity Center directory using the IAM Identity Center console. Alternatively, you can call the Amazon API operation CreateUser to add users.

To add a user
  1. Open the IAM Identity Center console.

  2. Choose Users.

  3. Choose Add user and provide the following required information:

    1. Username – This user name is required to sign in to the Amazon Web Services access portal and can't be changed later. It must be between 1 and 100 characters.

    2. Password – You can either send an email with the password setup instructions (this is the default option) or generate a one-time password. If you are creating an administrative user and you choose to send an email, make sure that you specify an email address that you can access.

      1. Send an email to this user with password setup instructions. – This option automatically sends the user an email addressed from Amazon Web Services, with the subject line Invitation to join Amazon IAM Identity Center (successor to Amazon Single Sign-On). The email invites the user on behalf of your company to access the IAM Identity Center Amazon Web Services access portal.


        In some cases, IAM Identity Center makes cross-Region API calls to send emails to users. For information about how emails are sent, see Cross-Region calls .

        All emails sent by the IAM Identity Center service will come from either the address or We recommend that you configure your email system so that it accepts emails from these sender email addresses and does not handle them as junk or spam.

      2. Generate a one-time password that you can share with this user. – This option provides you with the Amazon Web Services access portal URL and password details that you can manually send to the user from your email address.

    3. Email address – The email address must be unique.

    4. Confirm email address

    5. First name – You must enter a name here for automatic provisioning to work. For more information, see Automatic provisioning.

    6. Last name – You must enter a name here for automatic provisioning to work.

    7. Display name


      (Optional) If applicable, you can specify values for additional attributes such as the user's Microsoft 365 immutable ID to help provide the user with single sign-on access to certain business applications.

  4. Choose Next.

  5. If applicable, select one or more groups to which you want to add the user, and choose Next.

  6. Review the information that you specified for Step 1: Specify user details and Step 2: Add user to groups - optional. Choose Edit by either step to make any changes. After you confirm that the correct information is specified for both steps, choose Add user.