Manage your identity source - Amazon IAM Identity Center

Manage your identity source

Your identity source in IAM Identity Center defines where your users and groups are managed. After you configure your identity source, you can look up users or groups to grant them single sign-on access to Amazon Web Services accounts, applications, or both.

You can have only one identity source per organization in Amazon Organizations. You can choose one of the following as your identity source:

  • Identity Center directory – When you enable IAM Identity Center for the first time, it is automatically configured with an Identity Center directory as your default identity source. This is where you create your users and groups, and assign their level of access to your Amazon Web Services accounts and applications.

  • Active Directory – Choose this option if you want to continue managing users in either your Amazon Managed Microsoft AD directory using Amazon Directory Service or your self-managed directory in Active Directory (AD).

  • External identity provider – Choose this option if you want to manage users in an external identity provider (IdP) such as Okta or Microsoft Entra ID.

Note

IAM Identity Center does not support SAMBA4-based Simple AD as an identity source.