Getting started with IAM Identity Center
The following outlines how you can get started with IAM Identity Center.
-
Enable IAM Identity Center
When you enable IAM Identity Center, you choose between two types of IAM Identity Center instances. These types are: organization instances (recommended) and account instances. To learn more about the different capabilities of these instance types, see organization and account instances of IAM Identity Center.
Note
After IAM Identity Center is enabled, you can sign in and open the IAM Identity Center console
by doing either of the following: -
Organization instance - Sign in to Amazon using credentials with administrative permissions in the management account.
-
Account instance - Sign in to Amazon using credentials with administrative permissions in the Amazon Web Services account where IAM Identity Center is enabled.
-
-
Connect your identity source to IAM Identity Center
In IAM Identity Center console, confirm the identity source that you want to use. See the following for identity sources:
-
External identity provider - If you have an existing identity provider to manage your workforce users, you can connect it to IAM Identity Center. For more information about how to configure commonly used identity providers to work with IAM Identity Center, see IAM Identity Center identity source tutorials.
-
Active Directory - If you're using Active Directory to manage your workforce users, you can connect it to IAM Identity Center. For more information, see Using Active Directory as an identity source.
-
IAM Identity Center - Alternatively, you can create and manage users and groups directly in IAM Identity Center.
-
-
Set up user access to Amazon Web Services accounts (organization instance only)
If you’re using an organization instance of IAM Identity Center, you can assign user or group access to Amazon Web Services accounts, using permission sets to grant your users access to Amazon Web Services accounts and resources.
-
Set up user access to applications
With IAM Identity Center, you can grant users access to two types of applications:
-
-
You can use IAM Identity Center with Amazon managed applications like Amazon Q Business, Amazon CLI, and Amazon Redshift. For more information, see Amazon managed applications and Integrating Amazon CLI with IAM Identity Center.
-
-
-
You can integrate either of the following types of customer managed applications with IAM Identity Center:
-
After configuring your application, you can assign your users access to the application.
-
-
-
Provide your users with sign-in instructions for the Amazon Web Services access portal
The Amazon Web Services access portal is a web portal that provides your users with seamless access to all their assigned applications, Amazon Web Services accounts, or both. New users in IAM Identity Center must activate their user credentials before they can sign in to the Amazon Web Services access portal.
For information about how to sign in to the Amazon Web Services access portal, see Sign in to the Amazon Web Services access portal in the Amazon Sign-In User Guide. To learn about the sign-in process for the Amazon Web Services access portal, see Signing in to the Amazon Web Services access portal.