Enable single sign-on access to your Amazon EC2 Windows instances

If you're an application administrator who manages users in the Identity Center directory (the default identity source for IAM Identity Center) or in a supported external identity provider (IdP), and you need to provide IAM Identity Center access to your Amazon EC2 Windows desktops from the Amazon Fleet Manager console, you can enable single sign-on access to your Amazon EC2 Windows instances.

With this configuration, you can securely access your Amazon EC2 Windows instances with existing corporate credentials. You don't need to share administrator credentials, enter credentials multiple times, or configure remote access client software. You can centrally grant and revoke access to your Amazon EC2 Windows instances at scale across multiple Amazon Web Services accounts. For example, if you remove an employee from the identity source that is integrated with IAM Identity Center, they automatically lose access to all Amazon resources, including Amazon EC2 Windows instances.

For more information, see How to enable secure seamless single sign-on to Amazon EC2 Windows instances with IAM Identity Center.

For a demonstration of how to configure IAM Identity Center to enable this capability, see Enabling Single Sign-on to Amazon EC2 Windows with IAM Identity Center.