Manage your identity source
Your identity source in IAM Identity Center defines where your users and groups are managed. After you configure your identity source, you can look up users or groups to grant them single sign-on access to Amazon Web Services accounts, applications, or both.
You can have only one identity source per organization in Amazon Organizations. You can choose one of the following as your identity source:
- External identity provider – Choose this option if you want to manage users in an external identity provider (IdP) such as Okta or Microsoft Entra ID.
- Active Directory – Choose this option if you want to continue managing users in either your Amazon Managed Microsoft AD directory using Amazon Directory Service or your self-managed directory in Active Directory (AD).
- Identity Center directory – When you enable IAM Identity Center for the first time, it's automatically configured with an Identity Center directory as your default identity source unless you choose a different identity source. With the Identity Center directory, you create your users and groups, and assign their level of access to your Amazon Web Services accounts and applications.
Note
IAM Identity Center does not support SAMBA4-based Simple AD as an identity source.