

# Organization and account instances of IAM Identity Center
<a name="identity-center-instances"></a>

An instance is a single deployment of IAM Identity Center. There are two types of instances available for IAM Identity Center: *organization instances* and *account instances*.
+ Organization instance (recommended)

  An instance of IAM Identity Center that you enable in the Amazon Organizations management account. Organization instances support all features of IAM Identity Center. We recommend that you deploy an organization instance rather than account instances to minimize the number of management points. 
+ Account instance

  An instance of IAM Identity Center that is bound to a single Amazon Web Services account, and that is visible only within the Amazon Web Services account and Amazon Region in which it is enabled. Use an account instance for simpler, single-account scenarios. You can enable an account instance from either of the following: 
  + An Amazon Web Services account that isn't managed by Amazon Organizations
  + A member account in Amazon Organizations

## Amazon Web Services account types that can enable IAM Identity Center
<a name="identity-center-instances-account-types"></a>

To enable IAM Identity Center, sign in to the Amazon Web Services Management Console by using one of the following credentials, depending on the instance type you want to create:
+ **Your Amazon Organizations management account (recommended)** – Required to create an [organization instance](organization-instances-identity-center.md) of IAM Identity Center. Use an organization instance for multi-account permissions and application assignments across the organization.
+ **Your Amazon Organizations member account** – Use to create an [account instance](account-instances-identity-center.md) of IAM Identity Center to enable application assignments within that member account. One or more accounts with a member-level instance can exist in an organization.
+ **A standalone Amazon Web Services account** – Use to create an [organization instance](organization-instances-identity-center.md) or [account instance](account-instances-identity-center.md) of IAM Identity Center. The standalone Amazon Web Services account isn't managed by Amazon Organizations. You can associate only one instance of IAM Identity Center with a standalone Amazon Web Services account and use that instance for application assignments within that standalone Amazon Web Services account.

Use the following table to compare the capabilities provided by each instance type:


| Capability | Instance in the Amazon Organizations management account (recommended) | Instance in a member account | Instance in a standalone Amazon Web Services account | 
| --- | --- | --- | --- | 
| Manage users | Yes | Yes | Yes |
| Amazon Web Services access portal for single sign-on access to your Amazon managed applications | Yes | Yes | Yes |
| OAuth 2.0 (OIDC) customer managed applications | Yes | Yes | Yes |
| Multi-account permissions | Yes | No | No |
| Amazon Web Services access portal for single sign-on access to your Amazon Web Services accounts | Yes | No | No |
| SAML 2.0 customer managed applications | Yes | No | No |
| Delegated administrator can manage instance | Yes | No | No |
| Encryption at rest using a customer-managed KMS key | Yes | No | No |
| Replicating IAM Identity Center to additional Regions | Yes | No | No |

For more information about Amazon managed applications and IAM Identity Center, see [Amazon managed applications that you can use with IAM Identity Center](awsapps-that-work-with-identity-center.md).
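
The account types above determine which kind of instance an inventory sweep has found, and each account instance is one more management point to review. The following added example (not part of the AWS documentation) deduplicates records shaped like the `sso-admin` `ListInstances` response by `InstanceArn` and labels each by its `OwnerAccountId`. The function names, account IDs, and ARNs are constructed assumptions.

```python
# Added example: classify IAM Identity Center instances found by an inventory sweep.
# Field names follow the sso-admin ListInstances response; every account ID and
# ARN below is constructed for illustration.

def classify_instances(records, management_account, member_accounts):
    """Deduplicate by InstanceArn, then label each instance by its owner account."""
    unique = {}
    for rec in records:
        # The same instance can be reported by more than one sweep call.
        unique.setdefault(rec["InstanceArn"], rec)
    report = {"organization": [], "account": [], "outside_org": []}
    for arn, rec in unique.items():
        owner = rec["OwnerAccountId"]
        if owner == management_account:
            report["organization"].append(arn)
        elif owner in member_accounts:
            report["account"].append(arn)
        else:
            # Standalone or unknown account: not managed by this organization.
            report["outside_org"].append(arn)
    return report


def findings(report):
    """Turn the classification into review items for the identity team."""
    items = []
    if not report["organization"]:
        items.append("no organization instance found")
    for arn in report["account"]:
        items.append(f"account instance adds a management point: {arn}")
    for arn in report["outside_org"]:
        items.append(f"instance owned outside the organization: {arn}")
    return items


MANAGEMENT = "111111111111"                  # constructed management account ID
MEMBERS = {"222222222222", "333333333333"}   # constructed member account IDs
ARN = "arn:aws-cn:sso:::instance/ssoins-EXAMPLE00000000"  # constructed prefix
SAMPLE = [
    {"InstanceArn": ARN + "1", "OwnerAccountId": "111111111111"},
    {"InstanceArn": ARN + "1", "OwnerAccountId": "111111111111"},  # duplicate sighting
    {"InstanceArn": ARN + "2", "OwnerAccountId": "333333333333"},
    {"InstanceArn": ARN + "3", "OwnerAccountId": "999999999999"},
]

if __name__ == "__main__":
    for line in findings(classify_instances(SAMPLE, MANAGEMENT, MEMBERS)):
        print(line)
```
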

**Topics**
+ [Amazon Web Services account types that can enable IAM Identity Center](#identity-center-instances-account-types)
+ [Organization instances of IAM Identity Center](organization-instances-identity-center.md)
+ [Account instances of IAM Identity Center](account-instances-identity-center.md)
+ [Delete your IAM Identity Center instance](delete-config.md)