By using AWS re:Post, you agree to the Terms of Use

Account level IAM vs IAM Identity Center


We have multiple AWS Accounts that all have their own individual IAM Users/Groups and permissions. These are all from acquisitions. We've created an AWS Organization and enabled all features.

My question is, when we add an external IDP for SSO, will the Users/Groups at the Account level IAM remain intact? Based on the documentation I believe they will, and at this point we can start migrating the Users/Groups out of the Account level IAM and into the Org level SSO?

Some of these accounts are critical and I just want to be really clear before I potentially make a huge mistake.

1 Answer
Accepted Answer

Correct, when you enable AWS IAM Identity Center (formerly SSO), nothing happens to your existing IAM users, groups, roles or policies in the accounts. You can continue to use them in parallel with SSO.

See this previously answered question:

profile picture
answered 9 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions