Amazon IAM Identity Center · Capability
Amazon IAM Identity Center - Identity and Access Management
Unified capability for IT administrators to manage workforce identities, provision access to AWS accounts, and configure SSO for enterprise applications.
What You Can Do
GET /v1/users - List users: List users in the identity store
GET /v1/groups - List groups: List groups in the identity store
GET /v1/permission-sets - List permission sets: List all permission sets
POST /v1/account-assignments - Create account assignment: Assign access to a user or group for an AWS account
MCP Tools
list-users (read-only): List workforce users in the identity store
create-user: Create a new workforce user in IAM Identity Center
list-groups (read-only): List user groups in the identity store
create-group: Create a new group for organizing users
list-instances (read-only): List SSO instances in the account
list-permission-sets (read-only): List permission sets for assigning AWS account access
create-permission-set: Create a permission set defining what access a user gets to an AWS account
assign-account-access: Assign a permission set to a user or group for an AWS account
remove-account-access: Remove a user or group's access to an AWS account
APIs Used
sso-admin
identitystore