Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Account level IAM vs IAM Identity Center

0

We have multiple AWS Accounts that all have their own individual IAM Users/Groups and permissions. These are all from acquisitions. We've created an AWS Organization and enabled all features.

My question is, when we add an external IDP for SSO, will the Users/Groups at the Account level IAM remain intact? Based on the documentation I believe they will, and at this point we can start migrating the Users/Groups out of the Account level IAM and into the Org level SSO?

Some of these accounts are critical and I just want to be really clear before I potentially make a huge mistake.

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS IAM Identity CenterAWS Identity and Access ManagementAWS OrganizationsAWS Account ManagementSecurity, Identity, & Compliance
Language
English
asked 3 years ago2.5K views
1 Answer
1
Accepted Answer

Correct, when you enable AWS IAM Identity Center (formerly SSO), nothing happens to your existing IAM users, groups, roles or policies in the accounts. You can continue to use them in parallel with SSO.

See this previously answered question: https://repost.aws/questions/QUfNomVCt5TCiac7oQoT8n0A/can-i-keep-existing-iam-users-and-add-sso-to-our-accounts

AWS
EXPERT
answered 3 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content