Do IAM Identity Center and AD Connector need to be in an Organization Management Account or any member account?

0

We use AWS Organizations and are planning to use IAM Identity Center with AD Connector to authenticate against our corporate directory for AMG Grafana workspace user access. The AMG Grafana workspaces are provisioned in a member account. The question is: does IAM Identity Center need to be provisioned in the org management account, or can it be set up in any member account? Please share any links/resources supporting the correct answer. TIA

goshga
asked a month ago, 124 views
2 Answers
0
Accepted answer

You can choose to delegate administration of IAM Identity Center to a member account in AWS Organizations.

Enabling delegated administration provides the following benefits:

  • Minimizes the number of people who require access to the management account to help mitigate security concerns
  • Allows select administrators to assign users and groups to applications and to your organization's member accounts

https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

EXPERT
answered a month ago
EXPERT A_J
reviewed a month ago
  • The question still remains: for AMG Workspaces SSO, must IAM Identity Center be in a managed/delegated account, or can it be in any other account in the Org?

0

Looks like AMG Workspaces only supports the Org's managed account's IAM Identity Center for auth, not any account-scoped instance, per my testing.

goshga
answered a month ago
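For the delegated-administration route described in the accepted answer, the following is an added example (not code from this thread or from AWS) of the Organizations CLI calls that register a member account as the delegated administrator for IAM Identity Center and then verify the registration. It assumes the AWS CLI is configured with credentials for the management account; the function names are mine and the account ID used below is a constructed placeholder.

```shell
#!/bin/sh
# Added example: delegate IAM Identity Center administration to a member account.
# Run from the Organizations management account. The service principal for
# IAM Identity Center in Organizations APIs is sso.amazonaws.com.
SSO_SERVICE_PRINCIPAL="sso.amazonaws.com"

# Reject anything that is not a 12-digit AWS account ID before touching the API,
# so a typo cannot delegate Identity Center administration to the wrong account.
valid_account_id() {
  case "$1" in
    ????????????) case "$1" in *[!0-9]*) return 1;; esac; return 0;;
    *) return 1;;
  esac
}

# Registers the given member account as delegated administrator for IAM Identity Center.
register_sso_delegated_admin() {
  account_id="$1"
  valid_account_id "$account_id" || { echo "invalid account id: $account_id" >&2; return 1; }
  aws organizations register-delegated-administrator \
    --account-id "$account_id" \
    --service-principal "$SSO_SERVICE_PRINCIPAL"
}

# Prints the account IDs currently delegated for IAM Identity Center (empty if none).
list_sso_delegated_admins() {
  aws organizations list-delegated-administrators \
    --service-principal "$SSO_SERVICE_PRINCIPAL" \
    --query 'DelegatedAdministrators[].Id' --output text
}

# Returns 0 when the given account ID is among the delegated administrators.
is_sso_delegated_admin() {
  for id in $(list_sso_delegated_admins); do
    [ "$id" = "$1" ] && return 0
  done
  return 1
}

# Usage (constructed placeholder account ID; replace with the real member account):
# register_sso_delegated_admin 123456789012 && is_sso_delegated_admin 123456789012 && echo "delegated"
```

Only one account can be delegated for this service principal at a time, so check `list_sso_delegated_admins` before registering a different account.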
