AWS Identity Center + Multi account access connector


Hey Support,

We are going to be integrating Identity Center with the Multi account access connector for different environments like Dev, Prod, and Management accounts.

What I want to understand is: we currently already have this setup, but we do not have SSO enabled. We want to start using Identity Center for SSO. Before we transition into using it, there are some questions I want to ask.

  1. Are there any potential issues if we integrate Identity Center? We will also be using SCIM as well. Like, how will it affect the current users, permissions, roles, policies when transferring over? Will anything break from our current setup? Would the transition be smooth? Do we have to recreate groups/roles/permissions or will they be populated over? Do we have to reassign licenses?

Our current setup is accessing a link/URL in which we type in the account ID and username to log in. We want to set up AWS Identity Center with the Multi Account access connector on Okta. We have 3 environments, which are Dev, Prod, and Management.

Thanks a lot and appreciate it!

Aaron

asked a year ago · 308 views
1 Answer

If you're using multiple accounts and want to leverage IAM Identity Center, then I would recommend at the very least enrolling all of those environments within the same AWS Organization so that you can leverage the same IAM IC for all of your identity and access needs.

From the IAM IC documentation:

IAM Identity Center provides support for the System for Cross-domain Identity Management (SCIM) v2.0 standard. SCIM keeps your IAM Identity Center identities in sync with identities from your IdP. This includes any provisioning, updates, and deprovisioning of users between your IdP and IAM Identity Center.

In terms of your existing users/permissions/roles -- your existing permission sets/roles/permissions will remain intact, but you will be provisioning users from your IdP and mapping them to permissions once authenticated. If you're using IAM Users exclusively right now, you can roll out IAM IC and establish your user/permission set mappings without affecting that access. That being said, once you have your SSO tuned the way you want it, I would recommend using that method exclusively for managing access to your environment.

AWS
answered a year ago
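Added example, not part of the answer above or of any AWS tooling: a reconciliation plan in Python for the group-to-permission-set mappings the answer describes, so the cutover from IAM users to SSO can be reviewed before anything is changed. All account IDs, permission set ARNs and SCIM-provisioned group IDs are constructed placeholders; the input rows mirror the item shape of an sso-admin ListAccountAssignments response.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed placeholder IDs; real values come from Organizations, sso-admin and identitystore.
ACCOUNTS = {"dev": "111111111111", "prod": "222222222222", "mgmt": "333333333333"}
PERMISSION_SETS = {
    "AdministratorAccess": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLEadmin",
    "ReadOnlyAccess": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLEread",
}
# Okta groups as they appear in the identity store after SCIM provisioning (constructed).
GROUPS = {"aws-admins": "a1b2c3d4-admins", "aws-developers": "a1b2c3d4-devs"}

@dataclass(frozen=True, order=True)
class Assignment:
    account_id: str
    permission_set_arn: str
    principal_type: str   # "GROUP" or "USER"
    principal_id: str

def desired_assignments() -> set[Assignment]:
    """Group-to-permission-set mapping per environment: admins everywhere, developers least-privilege in prod."""
    rules = [
        ("aws-admins", "AdministratorAccess", ["dev", "prod", "mgmt"]),
        ("aws-developers", "AdministratorAccess", ["dev"]),
        ("aws-developers", "ReadOnlyAccess", ["prod"]),
    ]
    return {Assignment(ACCOUNTS[env], PERMISSION_SETS[ps], "GROUP", GROUPS[group])
            for group, ps, envs in rules for env in envs}

def from_api(items: list[dict]) -> set[Assignment]:
    """Convert AccountAssignments items (ListAccountAssignments shape) into comparable records."""
    return {Assignment(i["AccountId"], i["PermissionSetArn"], i["PrincipalType"], i["PrincipalId"]) for i in items}

def plan(desired: set[Assignment], current: set[Assignment]) -> dict[str, list[Assignment]]:
    """Idempotent reconciliation: what to create, what to delete, and what needs a human look."""
    return {
        "create": sorted(desired - current),
        "delete": sorted(current - desired),
        # Direct USER assignments bypass SCIM group management; surface them for review.
        "direct_users": sorted(a for a in current if a.principal_type == "USER"),
    }

# Constructed sample of what the accounts look like mid-migration.
CURRENT = from_api([
    {"AccountId": "111111111111", "PermissionSetArn": PERMISSION_SETS["AdministratorAccess"], "PrincipalType": "GROUP", "PrincipalId": "a1b2c3d4-admins"},
    {"AccountId": "222222222222", "PermissionSetArn": PERMISSION_SETS["AdministratorAccess"], "PrincipalType": "GROUP", "PrincipalId": "a1b2c3d4-devs"},
    {"AccountId": "222222222222", "PermissionSetArn": PERMISSION_SETS["ReadOnlyAccess"], "PrincipalType": "USER", "PrincipalId": "u-0001-aaron"},
])

if __name__ == "__main__":
    for action, items in plan(desired_assignments(), CURRENT).items():
        print(action, *[f"{a.account_id} {a.permission_set_arn.rsplit('/', 1)[1]} {a.principal_type}:{a.principal_id}" for a in items], sep="\n  ")
```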
