Identity and access management for IAM Identity Center - Amazon IAM Identity Center

Access to IAM Identity Center requires credentials that Amazon can use to authenticate your requests. Those credentials must have permissions to access Amazon resources, such as an Amazon managed application.

Authentication to the Amazon Web Services access portal is controlled by the directory that you have connected to IAM Identity Center. However, authorization to the Amazon Web Services accounts that are available to users from within the Amazon Web Services access portal is determined by two factors:

  1. Who has been assigned access to those Amazon Web Services accounts in the IAM Identity Center console. For more information, see Single sign-on access to Amazon Web Services accounts.

  2. What level of permissions has been granted to the users in the IAM Identity Center console to allow them the appropriate access to those Amazon Web Services accounts. For more information, see Create, manage, and delete permission sets.
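
The two factors above can be reviewed together by joining account assignments with permission sets through the `sso-admin` API. This is an added example, not part of the original documentation: it assumes a boto3 `sso-admin` client is passed in, `effective_access` and `StubSsoAdmin` are hypothetical names, and the stub's accounts, principals and permission set names are constructed so the code runs offline.

```python
from collections import defaultdict


def _pages(call, key, **kwargs):
    """Yield every item of a NextToken-paginated sso-admin list call."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        token = resp.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def effective_access(sso_admin, instance_arn):
    """Map (principal type, principal id) -> {(account id, permission set ARN)}."""
    access = defaultdict(set)
    for ps_arn in _pages(sso_admin.list_permission_sets, "PermissionSets",
                         InstanceArn=instance_arn):
        for account in _pages(sso_admin.list_accounts_for_provisioned_permission_set,
                              "AccountIds", InstanceArn=instance_arn,
                              PermissionSetArn=ps_arn):
            for a in _pages(sso_admin.list_account_assignments, "AccountAssignments",
                            InstanceArn=instance_arn, AccountId=account,
                            PermissionSetArn=ps_arn):
                access[(a["PrincipalType"], a["PrincipalId"])].add((account, ps_arn))
    return dict(access)


class StubSsoAdmin:
    """Constructed stand-in for boto3.client("sso-admin"); all data is made up."""
    ASSIGNMENTS = [  # (account, permission set, principal type, principal id)
        ("111111111111", "ps-admin", "GROUP", "g-ops"),
        ("111111111111", "ps-readonly", "USER", "u-alice"),
        ("222222222222", "ps-readonly", "USER", "u-alice"),
    ]

    def list_permission_sets(self, InstanceArn, NextToken=None):
        # Two pages, to exercise NextToken handling.
        if NextToken is None:
            return {"PermissionSets": ["ps-admin"], "NextToken": "p2"}
        return {"PermissionSets": ["ps-readonly"]}

    def list_accounts_for_provisioned_permission_set(self, InstanceArn, PermissionSetArn):
        return {"AccountIds": sorted({a for a, p, _, _ in self.ASSIGNMENTS
                                      if p == PermissionSetArn})}

    def list_account_assignments(self, InstanceArn, AccountId, PermissionSetArn):
        return {"AccountAssignments": [
            {"AccountId": a, "PermissionSetArn": p, "PrincipalType": t, "PrincipalId": i}
            for a, p, t, i in self.ASSIGNMENTS if (a, p) == (AccountId, PermissionSetArn)]}
```

The result lists GROUP principals as groups; resolving group membership and reading the policies inside each permission set are separate lookups that this example does not perform.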

The following sections explain how you as an administrator can control access to the IAM Identity Center console or can delegate administrative access for day-to-day tasks from the IAM Identity Center console.

Authentication

Learn how to access Amazon using IAM identities.

Access control

You can have valid credentials to authenticate your requests, but unless you have permissions, you can't create or access IAM Identity Center resources. For example, you must have permissions to create an IAM Identity Center connected directory.

The following sections describe how to manage permissions for IAM Identity Center. We recommend that you read the overview first.