AWS IAM Identity Center users and AWS IAM users



Can somebody tell me the difference between the AWS IAM Identity Center users and AWS IAM users with examples?

Thanks, Monica

1 Answer

Hi Monica, I would define Identity Center (IIC)as a layer on top of IAM to efficiently manage identities across multiples accounts and applications. So IIC can be very useful when you work on large configs with multiple accounts. It helps in having an efficient management of IAM users and policies in each account. When you are in a single account, it helps in having identities managed in a single place by allowing import from a 3rd-party identity provided.

Identity Center is coupled with AWS Organizations (see which allows you to efficiently manage multiple accounts used by a single organization / corporation.

IIC was previously known as Single-Single On (SSO). SSO is clearly one of the benefits of IIC: you define your identities once and they can be used in N places instead of duplicating management effort.

About your examples:

  1. Same identities used in multiple accounts
  2. Same applications used with multiple applications. A whole list of 3rd party applications are IIC-enabled:
  3. A good consequence of 1. & 2. is uniqueness of identities:
  4. Management of permission sets replicated across accounts:
  5. Integration of an existing company-wide (on-premise: MS AD - 3rd party: PingIdentity, JumpCloud) identity management system to also manage uniformly AWS identities:

I would also recommend reading this excellent article by Jumpcloud (which is one of the identity providers supported by IIC):

Hope it helps!


profile pictureAWS
answered 10 months ago
profile picture
reviewed 14 days ago
  • Hello Didier,

    Thanks for the explanation, it's really helpful. I have some questions:-

    Can we see users that we have created in IAM users in IAM identity Center? When we have create users in identity center and when in IAM users? Let suppose i am going to start up a company and we have to give certain permission to our developers so, in that case where we have to create developer group and users in IIC or in IAM? And if i create it in IAM can i see all the added users or developers in IIC page? Thanks, Monica

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions