Remove user and group access to an Amazon Web Services account - Amazon IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Remove user and group access to an Amazon Web Services account

Use this procedure to remove single sign-on access to an Amazon Web Services account for one or more users and groups in your connected directory. Alternatively, you can use the delete-account-assignment Amazon CLI.

Note

When you need to deprovision IAM Identity Center users or groups, you should first remove any assignments of permission sets from your users and groups before deleting the users and groups.

To remove user and group access to an Amazon Web Services account

  1. Open the IAM Identity Center console.

  2. In the navigation pane, under Multi-account permissions, choose Amazon Web Services accounts.

  3. On the Amazon Web Services accounts page, a tree view list of your organization appears. Select the name of the Amazon Web Services account that contains the users and groups for whom you want to remove single sign-on access.

  4. On the Overview page for the Amazon Web Services account, under Assigned users and groups, select the name of one or more users or groups, and choose Remove access.

  5. In the Remove access dialog box, confirm that the names of the users or groups are correct, and choose Remove access.