AWS IAM Identity Center users and AWS IAM users

0

Hello,

Can somebody tell me the difference between the AWS IAM Identity Center users and AWS IAM users with examples?

Thanks, Monica

Monica
Asked 1 year ago, 551 views
1 Answer
1

Hi Monica, I would define Identity Center (IIC) as a layer on top of IAM to efficiently manage identities across multiple accounts and applications. So IIC can be very useful when you work on large configs with multiple accounts. It helps in having an efficient management of IAM users and policies in each account. When you are in a single account, it helps in having identities managed in a single place by allowing import from a 3rd-party identity provider.

Identity Center is coupled with AWS Organizations (see https://aws.amazon.com/organizations/) which allows you to efficiently manage multiple accounts used by a single organization / corporation.

IIC was previously known as Single Sign-On (SSO). SSO is clearly one of the benefits of IIC: you define your identities once and they can be used in N places instead of duplicating management effort.

About your examples:

  1. Same identities used in multiple accounts
  2. Same applications used with multiple applications. A whole list of 3rd party applications are IIC-enabled: https://docs.aws.amazon.com/singlesignon/latest/userguide/saasapps.html
  3. A good consequence of 1. & 2. is uniqueness of identities: https://docs.aws.amazon.com/singlesignon/latest/userguide/users-groups-provisioning.html
  4. Management of permission sets replicated across accounts: https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetsconcept.html
  5. Integration of an existing company-wide (on-premise: MS AD - 3rd party: PingIdentity, JumpCloud) identity management system to also manage uniformly AWS identities: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source.html

I would also recommend reading this excellent article by JumpCloud (which is one of the identity providers supported by IIC):

https://jumpcloud.com/blog/aws-iam-vs-aws-sso

Hope it helps!

Didier

AWS
Expert
Answered 1 year ago
Expert
Reviewed 1 month ago
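The contrast drawn in the answer above, as it shows up in audit-log principal ARNs (an added example, not part of the original answer and not AWS code): an IAM user is a separate `user/` identity in each account, while an Identity Center user appears as a session on the `AWSReservedSSO_<permission set>_<suffix>` role that a permission set provisions in every assigned account. Account IDs, names and suffixes below are constructed, and the 16-hex-character suffix is an assumption about the role name format.

```python
import re
from collections import defaultdict

# IAM user: a long-lived identity that exists in exactly one account (optional path).
IAM_USER = re.compile(r"^arn:aws:iam::(?P<account>\d{12}):user/(?:.+/)?(?P<name>[^/]+)$")
# Identity Center sign-in: an STS session on the role created from a permission set.
IIC_SESSION = re.compile(
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/"
    r"AWSReservedSSO_(?P<permission_set>[^/]+)_(?P<suffix>[0-9a-f]{16})/(?P<name>.+)$"
)

def classify_principal(arn):
    """Return (kind, account, name, permission_set) for a principal ARN."""
    m = IAM_USER.match(arn)
    if m:
        return ("iam_user", m["account"], m["name"], None)
    m = IIC_SESSION.match(arn)
    if m:
        return ("identity_center", m["account"], m["name"], m["permission_set"])
    return ("other", None, None, None)

def summarize(arns):
    """IAM users as distinct (account, name) pairs; Identity Center users as
    one identity mapped to {account: permission_set}."""
    iam_users, iic = set(), defaultdict(dict)
    for arn in arns:
        kind, account, name, pset = classify_principal(arn)
        if kind == "iam_user":
            iam_users.add((account, name))  # one credentialed user per account
        elif kind == "identity_center":
            iic[name][account] = pset       # same identity, many accounts
    return sorted(iam_users), dict(iic)

# Constructed sample ARNs (not taken from any real environment).
SAMPLE_ARNS = [
    "arn:aws:iam::111111111111:user/dev-alice",
    "arn:aws:iam::222222222222:user/dev-alice",  # a second, unrelated user object
    "arn:aws:sts::111111111111:assumed-role/AWSReservedSSO_DeveloperAccess_0123456789abcdef/alice@example.com",
    "arn:aws:sts::222222222222:assumed-role/AWSReservedSSO_DeveloperAccess_fedcba9876543210/alice@example.com",
    "arn:aws:sts::222222222222:assumed-role/ci-deploy/build-42",  # ordinary role session
]

if __name__ == "__main__":
    users, iic = summarize(SAMPLE_ARNS)
    print("IAM users (one per account):", users)
    print("Identity Center identities:", iic)
```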
  • Hello Didier,

    Thanks for the explanation, it's really helpful. I have some questions:-

    Can we see users that we have created in IAM users in IAM Identity Center? When do we have to create users in Identity Center and when in IAM users? Let's suppose I am going to start up a company and we have to give certain permissions to our developers; in that case, where do we have to create the developer group and users, in IIC or in IAM? And if I create them in IAM, can I see all the added users or developers in the IIC page? Thanks, Monica
