Create an account instance of IAM Identity Center - Amazon IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create an account instance of IAM Identity Center

An organization instance is the primary and recommended method of enabling IAM Identity Center. Make sure your use case supports creating an account instance and that you're aware of the considerations.

Create an account instance from an organization member account or standalone Amazon Web Services account
  1. Do either of the following to sign in to the Amazon Web Services Management Console.

    • New to Amazon (root user) – Sign in as the account owner by choosing Root user and entering your Amazon Web Services account email address. On the next page, enter your password.

    • Already using Amazon (IAM credentials) – Sign in using your IAM credentials with administrative permissions.

  2. Open the IAM Identity Center console.

  3. Under Enable IAM Identity Center, choose Enable.

  4. Select Continue creating the account instance and choose Continue.


    If an organization instance of IAM Identity Center exists, ensure that your use case requires its own account instance of IAM Identity Center. If it doesn’t, choose Cancel and use organization instance.

  5. Optional. Add tags that you want to associate with this account instance.

A notification in the console indicates that the account instance was created successfully and includes the instance ID. You can name your instance in the Settings summary.


Multi-factor authentication (MFA) is enabled by default for account instances. Users are prompted to sign in with MFA when their device, browser, or location changes. As a security best practice, we strongly recommend MFA for your workforce identities. For more information, see Manage MFA devices in IAM Identity Center.

Management features such as confirming your identity source, adjusting multi-factor authentication settings, and adding Amazon managed applications must be completed in the IAM Identity Center console.