Amazon managed applications that you can use with IAM Identity Center
IAM Identity Center lets you connect your existing identity source or create users once. This enables application administrators to manage access to the following Amazon managed applications without separate federation or user and group synchronization.
All of the Amazon managed applications in the following table integrate with organization instances of IAM Identity Center. The table also provides information about the following for a supported Amazon managed application:
Whether the application also integrates with account instances of IAM Identity Center
Whether the application can enable trusted identity propagation through IAM Identity Center
Whether the application supports IAM Identity Center configured with a customer managed KMS key
| Amazon managed application | Integrated with account instances of IAM Identity Center | Enables trusted identity propagation through IAM Identity Center | Supports IAM Identity Center configured with a customer managed KMS key |
|---|---|---|---|
| Amazon Athena SQL | Yes | Yes | Yes |
| Amazon CodeCatalyst | Yes | No | No |
| Amazon DataZone | Yes | Yes | Yes |
| Amazon EMR on EC2 | Yes | Yes | Yes |
| Amazon EMR on EKS | Yes | Yes | Yes |
| Amazon EMR Serverless | Yes | Yes | Yes |
| Amazon EMR Studio | Yes | Yes | Yes |
| Amazon Kendra | No | No | Yes |
| Amazon Managed Grafana | No | No | Yes |
| Amazon Monitron | No | No | No |
| Amazon OpenSearch Service | Yes | Yes | Yes |
| Amazon OpenSearch Service Serverless Service | Yes | Yes | Yes |
| OpenSearch user interface (Dashboards) | Yes | Yes | Yes |
| Amazon Q Business | Yes | Yes | Yes |
| Amazon Q Developer | Yes* | Yes | Yes |
| Amazon Quick Suite | Yes | Yes | Yes |
| Amazon Redshift | Yes | Yes | No |
| Amazon S3 Access Grants | Yes | Yes | Yes |
| Amazon SageMaker Unified Studio | Yes | Yes | Yes |
| Amazon SageMaker Studio | No | Yes | Yes |
| Amazon WorkMail | Yes | Yes | Yes |
| Amazon WorkSpaces | Yes | No | No |
| Amazon WorkSpaces Secure Browser | No | No | Yes |
| Amazon App Studio | Yes | No | No |
| Amazon Deadline Cloud | Yes | No | No |
| Amazon Glue | Yes | Yes | Yes |
| Amazon IoT Events | No | No | No |
| Amazon IoT Fleet Hub | No | No | No |
| Amazon IoT SiteWise | No | No | No |
| Amazon Lake Formation | Yes | Yes | Yes |
| Amazon re:Post Private | Yes | No | Yes |
| Amazon Supply Chain | Yes | No | Yes |
| Amazon Systems Manager | No | No | Yes |
| Amazon Transfer Family web apps | Yes | Yes | No |
| Amazon Transform | Yes | No | Yes |
| Amazon Verified Access | No | No | Yes |
| Multi-party approval | No | Yes | Yes |
* For Amazon Q Developer, account instances of IAM Identity Center are supported unless your users require access to the full set of Amazon Q Developer features on Amazon websites. For more information, see Setting up Amazon Q Developer in the Amazon Q Developer User Guide.
Note
Some Amazon services such as Amazon Connect and Amazon Client VPN are not listed in this table although you can use them with IAM Identity Center. This is because they integrate with IAM Identity Center exclusively using SAML and are therefore categorized as customer managed applications.