Get started with common tasks in IAM Identity Center - Amazon IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Get started with common tasks in IAM Identity Center

If you are a new user of IAM Identity Center, the basic workflow to get started using the service is:

  1. Sign in to the console of your management account if you are using an organization instance of IAM Identity Center, or of your Amazon Web Services account if you are using an account instance of IAM Identity Center, and then navigate to the IAM Identity Center console.

  2. From the IAM Identity Center console, select the directory that you use for storing the identities of your users and groups. IAM Identity Center provides you with a directory by default that you can use to configure user access. If you prefer to use another identity source, you can connect your Active Directory or an external identity provider.

  3. For organization instances, assign user access to Amazon Web Services accounts by selecting the accounts in your organization, and then selecting users or groups from your directory and the permissions you want to grant them.

  4. Give users access to applications by doing the following:

    1. Set up customer managed SAML 2.0 applications by either selecting one of the pre-integrated applications from the application catalog or adding your own SAML 2.0 application.

    2. Configure the application properties.

    3. Assign the users access to the application. We recommend that you assign user access through group membership rather than by adding individual user permissions. With groups you can grant or deny permissions to groups of users, instead of applying those permissions to each individual. If a user moves to a different organization, you simply move that user to a different group. The user then automatically receives the permissions that are needed for the new organization.

  5. If you are using the default IAM Identity Center directory, tell your users how to sign in to the Amazon Web Services access portal. New users in IAM Identity Center must activate their user credentials before they can be used to sign in to the Amazon Web Services access portal. For more information, see Sign in to the Amazon Web Services access portal in the Amazon Sign-In User Guide.
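To check an existing setup against the recommendation in step 4 to assign access through groups, the following added example (not part of the original documentation) scans assignment listings for access granted directly to individual users. It assumes input pages shaped like the responses of the IAM Identity Center `ListAccountAssignments` and `ListApplicationAssignments` API operations; the sample pages, IDs, and ARNs are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample pages shaped like ListAccountAssignments and
# ListApplicationAssignments responses. Every ID and ARN is a placeholder.
PS_ADMIN = "arn:aws-cn:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLEADMIN"
APP_WIKI = "arn:aws-cn:sso::111122223333:application/ssoins-EXAMPLE/apl-EXAMPLEWIKI"
ACCOUNT_PAGES = [
    {"AccountAssignments": [
        {"AccountId": "111122223333", "PermissionSetArn": PS_ADMIN,
         "PrincipalType": "GROUP", "PrincipalId": "group-platform"},
        {"AccountId": "111122223333", "PermissionSetArn": PS_ADMIN,
         "PrincipalType": "USER", "PrincipalId": "user-alice"},
    ]},
]
APPLICATION_PAGES = [
    {"ApplicationAssignments": [
        {"ApplicationArn": APP_WIKI, "PrincipalType": "USER", "PrincipalId": "user-alice"},
        {"ApplicationArn": APP_WIKI, "PrincipalType": "GROUP", "PrincipalId": "group-staff"},
    ]},
    {"ApplicationAssignments": [
        {"ApplicationArn": APP_WIKI, "PrincipalType": "USER", "PrincipalId": "user-bob"},
    ]},
]

def iter_assignments(pages):
    """Yield (target, principal_type, principal_id) from either response shape."""
    for page in pages:
        for a in page.get("AccountAssignments", []):
            target = f'account {a["AccountId"]} via {a["PermissionSetArn"]}'
            yield target, a["PrincipalType"], a["PrincipalId"]
        for a in page.get("ApplicationAssignments", []):
            yield f'application {a["ApplicationArn"]}', a["PrincipalType"], a["PrincipalId"]

def direct_user_assignments(pages):
    """Return {user_id: [targets]} for access granted to a user directly, not through a group."""
    findings = defaultdict(set)
    for target, principal_type, principal_id in iter_assignments(pages):
        if principal_type == "USER":
            findings[principal_id].add(target)
        elif principal_type != "GROUP":
            # Fail loudly instead of silently skipping a type this check does not know.
            raise ValueError(f"unexpected PrincipalType: {principal_type!r}")
    return {user: sorted(targets) for user, targets in sorted(findings.items())}

if __name__ == "__main__":
    for user, targets in direct_user_assignments(ACCOUNT_PAGES + APPLICATION_PAGES).items():
        print(f"{user}: {len(targets)} direct assignment(s)")
        for target in targets:
            print(f"  {target}")
```

Each user reported here holds access that does not follow group membership, so it would stay in place if the user moved to a different group.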

The topics in this section help familiarize you with the common tasks performed after you have completed the initial configuration of IAM Identity Center.

If you haven't enabled IAM Identity Center yet, see Enabling Amazon IAM Identity Center.