Using IAM Identity Center
Applies to: Enterprise Edition and Standard Edition
Intended audience: System administrators and Amazon Quick Suite administrators
Amazon Quick Suite Enterprise edition integrates with your existing directories, using either Microsoft Active Directory or single sign-on (IAM Identity Center) using Security Assertion Markup Language (SAML). You can use Amazon Identity and Access Management (IAM) to further enhance your security, or for custom options such as embedding dashboards.
In Quick Suite Standard edition, you can manage users entirely within Quick Suite. If you prefer, you can integrate with your existing users, groups, and roles in IAM.
You can use the following tools for identity and access to Amazon Quick Suite:
- IAM Identity Center (Enterprise edition only)
- IAM federation (Standard and Enterprise editions)
- Amazon Directory Service for Microsoft Active Directory (Enterprise edition only)
- SAML-based single sign-on (Standard and Enterprise edition)
- Multifactor authentication (MFA) (Standard and Enterprise edition)
Note
In the regions listed below, Amazon Quick Suite accounts can only use IAM Identity Center for identity and access management.
- af-south-1 Africa (Cape Town)
- ap-southeast-3 Asia Pacific (Jakarta)
- eu-south-1 Europe (Milan)
- eu-central-2 Europe (Zurich)
IAM Identity Center helps you securely create or connect your workforce identities and manage their access across Amazon accounts and applications.
Before you integrate your Amazon Quick Suite account with IAM Identity Center, set up IAM Identity Center in your Amazon account. If you haven't set up IAM Identity Center in your Amazon organization, see Getting started in the Amazon IAM Identity Center User Guide.
If you want to configure an external identity provider with IAM Identity Center, see Supported identity providers to view a list of supported identity providers' configuration steps.
Configure your Amazon Quick Suite account with IAM Identity Center
Applies to: Enterprise Edition
Intended audience: System administrators
IAM Identity Center helps you securely create or configure your existing workforce identities and manage their access across Amazon accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on Amazon for organizations of any size and type. To learn more about IAM Identity Center, see Amazon IAM Identity Center.
Configure Amazon Quick Suite and IAM Identity Center so that you can sign up for a new Amazon Quick Suite account with an IAM Identity Center configured identity source. With IAM Identity Center, you can configure your external identity provider as an identity source. You can also use IAM Identity Center as an identity store if you don't want to use a third-party identity provider with Amazon Quick Suite. Identity methods can't be changed after your account is created.
When you integrate your Amazon Quick Suite account with IAM Identity Center, Amazon Quick Suite account administrators can create a new Amazon Quick Suite account that automatically has the identity provider's groups available. This simplifies asset sharing at scale in Amazon Quick Suite.
Access to some sections of the Amazon Quick Suite administration console is restricted by IAM permissions. The following table summarizes the admin actions that you can perform in Amazon Quick Suite based on the access type that you choose.
To learn more about how to sign up for an Amazon Quick Suite account with IAM Identity Center, see Signing up for an Amazon Quick Suite subscription.
Admin action | IAM permissions | Amazon Quick Suite admin role permissions |
---|---|---|
Manage assets | Yes | No |
Security & permissions | Yes | No |
Manage VPC connections | Yes | No |
KMS keys | Yes | No |
Account settings | Yes | No |
Account customization | No | Yes |
Manage users | Yes (IAM Identity Center users) | Yes (Amazon Quick Suite and IAM users) |
Your subscriptions | No | Yes |
Mobile settings | No | Yes |
Domains and embedding | No | Yes |
SPICE capacity | No | Yes |
The Amazon Quick Suite mobile app is not supported with Amazon Quick Suite accounts that are integrated with IAM Identity Center.
Considerations
The following actions permanently remove the ability for Amazon Quick Suite users to sign in to Amazon Quick Suite. Amazon Quick Suite does not recommend that Amazon Quick Suite users perform these actions.
- Disabling or deleting the Amazon Quick Suite application in the IAM Identity Center console. If you want to delete your Amazon Quick Suite account, see Closing your Amazon Quick Suite account.
- Migrating the Amazon Quick Suite account that contains your IAM Identity Center configuration to an Amazon Organization that does not contain the IAM Identity Center instance that your Amazon Quick Suite account is configured to.
- Deleting the IAM Identity Center instance that is configured to your Amazon Quick Suite account.
- Editing IAM Identity Center application attributes, for example the requires assignment attribute.
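
A detection check for the actions listed above, added here as an example and not taken from the Amazon Quick Suite documentation: it scans CloudTrail-style records for successful calls that delete, disable or edit the watched application, delete the watched instance, or take the account out of its organization. The event source and event name mapping is an assumption to confirm against your own trail, and the account ID, ARNs, principal and sample events are constructed placeholders.

```python
# Constructed placeholders: the Quick Suite account, its IAM Identity Center
# application, and the instance it is configured to. Replace with your own.
ACCOUNT = "111122223333"
APP = f"arn:aws:sso::{ACCOUNT}:application/ssoins-EXAMPLE/apl-EXAMPLE"
INSTANCE = "arn:aws:sso:::instance/ssoins-EXAMPLE"
WATCHED = {ACCOUNT, APP, INSTANCE}

# Assumption: CloudTrail logs these API actions under these eventSource and
# eventName values. Confirm the mapping against your own trail.
SSO, ORG = "sso.amazonaws.com", "organizations.amazonaws.com"
RISKY = {
    (SSO, "DeleteApplication"): "application deleted",
    (SSO, "UpdateApplication"): "application disabled or edited",
    (SSO, "PutApplicationAssignmentConfiguration"): "assignment attribute edited",
    (SSO, "DeleteInstance"): "instance deleted",
    (ORG, "RemoveAccountFromOrganization"): "account removed from organization",
    (ORG, "LeaveOrganization"): "account left organization",
}

def find_lockout_risks(records, watched=WATCHED):
    """Return (eventTime, caller ARN, reason) for successful risky calls on watched IDs."""
    hits = []
    for rec in records:
        reason = RISKY.get((rec.get("eventSource"), rec.get("eventName")))
        if reason is None or rec.get("errorCode"):
            continue  # unrelated action, or the call was denied or failed
        who = rec.get("userIdentity") or {}
        # Match on parameter values, so no request-parameter key name is assumed.
        touched = {v for v in (rec.get("requestParameters") or {}).values()
                   if isinstance(v, str)}
        if rec["eventName"] == "LeaveOrganization":
            touched.add(who.get("accountId"))  # the caller is the account leaving
        if touched & watched:
            hits.append((rec.get("eventTime"), who.get("arn"), reason))
    return hits

def _rec(time, source, name, params, error=None):
    who = {"accountId": ACCOUNT, "arn": f"arn:aws:iam::{ACCOUNT}:user/example-admin"}
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "requestParameters": params, "userIdentity": who, "errorCode": error}

SAMPLE = [  # constructed events with only the fields used above, not real log data
    _rec("2025-01-01T10:00:00Z", SSO, "DeleteApplication", {"applicationArn": APP}),
    _rec("2025-01-01T10:05:00Z", SSO, "UpdateApplication", {"applicationArn": APP + "-OTHER"}),
    _rec("2025-01-01T10:10:00Z", SSO, "PutApplicationAssignmentConfiguration", {"applicationArn": APP}),
    _rec("2025-01-01T10:15:00Z", SSO, "DeleteInstance", {"instanceArn": INSTANCE}, "AccessDenied"),
    _rec("2025-01-01T10:20:00Z", ORG, "LeaveOrganization", None),
]
if __name__ == "__main__": print(*find_lockout_risks(SAMPLE), sep="\n")
```

Because these actions permanently remove sign-in, alerting on the denied attempts as well (the `errorCode` branch skipped here) gives earlier warning than alerting on successes alone.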