AWS IAM Identity Center
AWS IAM Identity Center (successor to AWS Single Sign-On) is where you create or connect your workforce identities once and manage their access centrally across your AWS organization. You can create users and groups directly in the Identity Center identity store, or source them from Microsoft Active Directory or an external SAML 2.0 identity provider, and then use IAM Identity Center to manage their access to AWS accounts and business applications with single sign-on.
APIs
AWS IAM Identity Center SSO Admin API
Manages permission sets, account assignments, instances, and SSO configurations for centralized identity and access management across AWS accounts and organizations.
AWS IAM Identity Center Identity Store API
Manages users, groups, and group memberships in the IAM Identity Center identity store, enabling programmatic provisioning of workforce identities.
Capabilities
AWS IAM Identity Center - Identity and Access Management
Unified capability for IT administrators to manage workforce identities, provision access to AWS accounts, and configure SSO for enterprise applications.
Features
Create and manage workforce user identities directly or connect from an external identity provider.
Enable employees to sign in once and access all assigned AWS accounts and business applications.
Manage access to multiple AWS accounts from a single place using permission sets.
Connect Microsoft Active Directory, Okta, Microsoft Entra ID (formerly Azure AD), and other SAML 2.0 identity providers.
Define permission sets (collections of IAM policies) once and assign them to users or groups across multiple AWS accounts.
Automatically provision and de-provision users and groups from the external identity provider using SCIM 2.0.
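The permission-set workflow described above (define a permission set, attach its policies, assign it to a group in one account) as an added example using the SSO Admin and Identity Store APIs through boto3. This is not code from the page or from AWS; the instance ARN, identity store ID, account ID `111122223333` and group name `Auditors` are placeholders, and the least-privilege checks in `validate()` are this example's own policy, not an AWS rule.

```python
"""Create a permission set and assign it to a group (added example).

Not code from the page or from AWS. Live calls need credentials with
sso-admin and identitystore permissions; the validators run offline.
"""
import json
import re
import time
from dataclasses import dataclass, field
from typing import List, Optional

try:
    import boto3  # only the live calls need it
except ImportError:  # pragma: no cover
    boto3 = None

# Permission set sessions are ISO 8601 durations between PT1H and PT12H.
_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?$")


@dataclass
class PermissionSetSpec:
    name: str
    description: str
    session_duration: str = "PT1H"
    managed_policy_arns: List[str] = field(default_factory=list)
    inline_policy: Optional[dict] = None


def session_minutes(duration: str) -> int:
    """Parse a PT#H#M duration; reject anything outside the 1h..12h window."""
    m = _DURATION.match(duration)
    if not m or not any(m.groups()):
        raise ValueError(f"not an ISO 8601 PT duration: {duration!r}")
    minutes = int(m.group(1) or 0) * 60 + int(m.group(2) or 0)
    if not 60 <= minutes <= 12 * 60:
        raise ValueError(f"session duration must be PT1H..PT12H, got {duration}")
    return minutes


def _as_list(value):
    return value if isinstance(value, list) else [value]


def validate(spec: PermissionSetSpec) -> List[str]:
    """Least-privilege findings for a spec (example policy); empty means clean."""
    session_minutes(spec.session_duration)
    findings = []
    for arn in spec.managed_policy_arns:
        if arn.endswith(":policy/AdministratorAccess"):
            findings.append(f"{spec.name}: attaches AdministratorAccess")
    for stmt in (spec.inline_policy or {}).get("Statement", []):
        if (stmt.get("Effect") == "Allow"
                and "*" in _as_list(stmt.get("Action"))
                and "*" in _as_list(stmt.get("Resource"))):
            findings.append(f"{spec.name}: inline Allow on Action * / Resource *")
    return findings


def provision(sso, idstore, instance_arn: str, store_id: str,
              spec: PermissionSetSpec, account_id: str, group_name: str) -> str:
    """Create the set, attach policies, assign to a group; return the set ARN."""
    findings = validate(spec)
    if findings:
        raise ValueError("refusing to provision: " + "; ".join(findings))
    ps_arn = sso.create_permission_set(
        InstanceArn=instance_arn, Name=spec.name, Description=spec.description,
        SessionDuration=spec.session_duration)["PermissionSet"]["PermissionSetArn"]
    for arn in spec.managed_policy_arns:
        sso.attach_managed_policy_to_permission_set(
            InstanceArn=instance_arn, PermissionSetArn=ps_arn, ManagedPolicyArn=arn)
    if spec.inline_policy:
        sso.put_inline_policy_to_permission_set(
            InstanceArn=instance_arn, PermissionSetArn=ps_arn,
            InlinePolicy=json.dumps(spec.inline_policy))
    # Resolve the group by display name; assigning groups (not users) keeps
    # access governed by IdP group membership and SCIM deprovisioning.
    group_id = idstore.get_group_id(
        IdentityStoreId=store_id,
        AlternateIdentifier={"UniqueAttribute": {
            "AttributePath": "DisplayName", "AttributeValue": group_name}})["GroupId"]
    status = sso.create_account_assignment(
        InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT",
        PermissionSetArn=ps_arn, PrincipalType="GROUP", PrincipalId=group_id,
    )["AccountAssignmentCreationStatus"]
    while status["Status"] == "IN_PROGRESS":  # assignment creation is async
        time.sleep(2)
        status = sso.describe_account_assignment_creation_status(
            InstanceArn=instance_arn,
            AccountAssignmentCreationRequestId=status["RequestId"],
        )["AccountAssignmentCreationStatus"]
    if status["Status"] != "SUCCEEDED":
        raise RuntimeError(f"assignment failed: {status.get('FailureReason')}")
    return ps_arn


if __name__ == "__main__":
    spec = PermissionSetSpec(
        name="ReadOnlyAuditors", description="Read-only access for the audit team",
        session_duration="PT4H",
        managed_policy_arns=["arn:aws:iam::aws:policy/ReadOnlyAccess"])
    sso, idstore = boto3.client("sso-admin"), boto3.client("identitystore")
    inst = sso.list_instances()["Instances"][0]  # the organization instance
    print(provision(sso, idstore, inst["InstanceArn"], inst["IdentityStoreId"],
                    spec, "111122223333", "Auditors"))
```

Run it once per permission set; assignments to further accounts reuse the returned ARN with additional `create_account_assignment` calls. The refusal on `AdministratorAccess` or a wildcard inline statement is deliberate: those sets should be created through a reviewed path, not a bulk script.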
Use Cases
Enable employees to access all AWS accounts and business apps with a single set of credentials.
Manage access to dozens or hundreds of AWS accounts from a single control plane.
Grant temporary elevated access to AWS accounts without permanent permissions.
Centralize sign-in and access logging (IAM Identity Center events are recorded in AWS CloudTrail) and produce audit reports for security compliance reviews.
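An added example of the audit-report use case above, not code from the page or from AWS: it walks every permission set, provisioned account and assignment through the SSO Admin API, resolves principal names through the Identity Store API, and reports which principals can reach each account, which grants carry an administrative managed policy, and which are assigned to individual users rather than groups. The set of policies it treats as privileged and the sample rows are this example's own constructions.

```python
"""Report who holds what across accounts (added example, not from the page
or from AWS). collect() needs boto3 and credentials; build_report() is pure
and runs on the constructed SAMPLE_ROWS below.
"""
import json
import sys
from collections import defaultdict
from typing import Dict, Iterator, List

try:
    import boto3  # only collect() needs it
except ImportError:  # pragma: no cover
    boto3 = None

# This example's own choice of policies that amount to account takeover.
PRIVILEGED_POLICIES = {
    "arn:aws:iam::aws:policy/AdministratorAccess",
    "arn:aws:iam::aws:policy/IAMFullAccess",  # can grant itself anything
}


def _paged(call, key: str, **kwargs) -> Iterator:
    """Follow NextToken across a paginated SSO Admin list call."""
    token = None
    while True:
        resp = call(**kwargs, **({"NextToken": token} if token else {}))
        yield from resp.get(key, [])
        token = resp.get("NextToken")
        if not token:
            return


def _principal_name(idstore, store_id: str, ptype: str, pid: str) -> str:
    if ptype == "GROUP":
        return idstore.describe_group(IdentityStoreId=store_id, GroupId=pid)["DisplayName"]
    return idstore.describe_user(IdentityStoreId=store_id, UserId=pid)["UserName"]


def collect(sso, idstore, instance_arn: str, store_id: str) -> List[dict]:
    """One row per (account, permission set, principal) in the instance."""
    rows = []
    for ps_arn in _paged(sso.list_permission_sets, "PermissionSets", InstanceArn=instance_arn):
        name = sso.describe_permission_set(
            InstanceArn=instance_arn, PermissionSetArn=ps_arn)["PermissionSet"]["Name"]
        policies = [p["Arn"] for p in _paged(
            sso.list_managed_policies_in_permission_set, "AttachedManagedPolicies",
            InstanceArn=instance_arn, PermissionSetArn=ps_arn)]
        for acct in _paged(sso.list_accounts_for_provisioned_permission_set, "AccountIds",
                           InstanceArn=instance_arn, PermissionSetArn=ps_arn):
            for a in _paged(sso.list_account_assignments, "AccountAssignments",
                            InstanceArn=instance_arn, AccountId=acct, PermissionSetArn=ps_arn):
                rows.append({
                    "account_id": acct, "permission_set": name,
                    "principal_type": a["PrincipalType"],
                    "principal_name": _principal_name(
                        idstore, store_id, a["PrincipalType"], a["PrincipalId"]),
                    "managed_policies": policies,
                })
    return rows


def build_report(rows: List[dict], privileged=frozenset(PRIVILEGED_POLICIES)) -> Dict:
    """Per-account principals, privileged grants, and direct USER assignments
    (which are not governed by IdP group membership and need separate cleanup)."""
    per_account = defaultdict(set)
    privileged_grants, direct_users = [], []
    for r in rows:
        key = (r["account_id"], r["principal_name"], r["permission_set"])
        per_account[r["account_id"]].add(r["principal_name"])
        if privileged & set(r["managed_policies"]):
            privileged_grants.append(key)
        if r["principal_type"] == "USER":
            direct_users.append(key)
    return {
        "accounts": {acct: sorted(p) for acct, p in sorted(per_account.items())},
        "privileged_grants": sorted(privileged_grants),
        "direct_user_assignments": sorted(direct_users),
    }


# Constructed sample rows in the shape collect() returns.
SAMPLE_ROWS = [
    {"account_id": "111122223333", "permission_set": "ReadOnlyAuditors",
     "principal_type": "GROUP", "principal_name": "Auditors",
     "managed_policies": ["arn:aws:iam::aws:policy/ReadOnlyAccess"]},
    {"account_id": "111122223333", "permission_set": "BreakGlassAdmin",
     "principal_type": "USER", "principal_name": "alice",
     "managed_policies": ["arn:aws:iam::aws:policy/AdministratorAccess"]},
    {"account_id": "444455556666", "permission_set": "PlatformAdmins",
     "principal_type": "GROUP", "principal_name": "Platform",
     "managed_policies": ["arn:aws:iam::aws:policy/AdministratorAccess"]},
]

if __name__ == "__main__":
    rows = SAMPLE_ROWS
    if "--live" in sys.argv:  # walk the real instance instead of the sample
        sso, idstore = boto3.client("sso-admin"), boto3.client("identitystore")
        inst = sso.list_instances()["Instances"][0]
        rows = collect(sso, idstore, inst["InstanceArn"], inst["IdentityStoreId"])
    print(json.dumps(build_report(rows), indent=2))
```

Inline policies and customer managed policies attached to a permission set are not inspected here; for a complete privilege review, pull them with `get_inline_policy_for_permission_set` and `list_customer_managed_policy_references_in_permission_set` and feed their effective permissions into the same report.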
Integrations
Sync users and groups from Active Directory for SSO and access management.
Connect Okta as an external identity provider using SAML 2.0 and SCIM.
Federate with Microsoft Entra ID (formerly Azure AD) for SSO and SCIM identity synchronization.
Manage access across all accounts in an AWS Organization from a single SSO configuration.