By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Account level IAM vs IAM Identity Center

0

We have multiple AWS Accounts that all have their own individual IAM Users/Groups and permissions. These are all from acquisitions. We've created an AWS Organization and enabled all features.

My question is, when we add an external IDP for SSO, will the Users/Groups at the Account level IAM remain intact? Based on the documentation I believe they will, and at this point we can start migrating the Users/Groups out of the Account level IAM and into the Org level SSO?

Some of these accounts are critical and I just want to be really clear before I potentially make a huge mistake.

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Security, Identity, & ComplianceAWS Identity and Access ManagementAWS OrganizationsAWS IAM Identity CenterAWS Account Management
Language
English
rePost-User-2780601
asked 2 years ago2177 views
1 Answer
1
Accepted Answer

Correct, when you enable AWS IAM Identity Center (formerly SSO), nothing happens to your existing IAM users, groups, roles or policies in the accounts. You can continue to use them in parallel with SSO.

See this previously answered question: https://repost.aws/questions/QUfNomVCt5TCiac7oQoT8n0A/can-i-keep-existing-iam-users-and-add-sso-to-our-accounts

profile pictureAWS
EXPERT
Matt-B
answered 2 years ago
profile picture
EXPERT
Oleksii Bebych
reviewed 4 days ago
profile picture
EXPERT
Sedat Salman
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content