Manage your identity source

Your identity source in IAM Identity Center defines where your users and groups are managed. After you configure your identity source, you can look up users or groups to grant them single sign-on access to Amazon Web Services accounts applications, or both.

You can have only one identity source per organization in Amazon Organizations. You can choose one of the following as your identity source:

Identity Center directory – When you enable IAM Identity Center for the first time, it is automatically configured with an Identity Center directory as your default identity source. This is where you create your users and groups, and assign their level of access to your Amazon Web Services accounts and applications.
Active Directory – Choose this option if you want to continue managing users in either your Amazon Managed Microsoft AD directory using Amazon Directory Service or your self-managed directory in Active Directory (AD).
External identity provider – Choose this option if you want to manage users in an external identity provider (IdP) such as Okta or Microsoft Entra ID.

Note

IAM Identity Center does not support SAMBA4-based Simple AD as an identity source.

Topics

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Users, groups, and provisioning

Considerations for changing your identity source