Manage access to applications
With Amazon IAM Identity Center, you can control who can have single sign-on access to your applications. Users get seamless access to these applications after they use their directory credentials to sign in.
IAM Identity Center securely communicates with these applications through a trusted relationship between IAM Identity Center and the application's service provider. This trust can be created in different ways, depending on the application type.
IAM Identity Center supports two application types: Amazon managed applications and customer managed applications. Amazon managed applications are configured directly from within the relevant application consoles or through the application APIs. Customer managed applications must be added to the IAM Identity Center console and configured with the appropriate metadata for both IAM Identity Center and the service provider.
After you configure applications to work with IAM Identity Center, you can manage which users or groups access the applications. By default, no users are assigned to applications.
You can also grant your employees access to the Amazon Web Services Management Console for a specific Amazon Web Services account in your organization. For more information, see Manage access to Amazon Web Services accounts.
Topics
- Amazon managed applications
- Customer managed applications
- Trusted identity propagation across applications
- Manage IAM Identity Center certificates
- Configure application properties in the IAM Identity Center console
- Assign user access to applications in the IAM Identity Center console
- Remove user access in the IAM Identity Center console
- Map attributes in your application to IAM Identity Center attributes