If you're using multiple accounts and want to leverage IAM Identity Center, then I would recommend at the very least enrolling all of those environments within the same AWS Organization so that you can leverage the same IAM IC for all of your identity and access needs.
From the IAM IC documentation:
IAM Identity Center provides support for the System for Cross-domain Identity Management (SCIM) v2.0 standard. SCIM keeps your IAM Identity Center identities in sync with identities from your IdP. This includes any provisioning, updates, and deprovisioning of users between your IdP and IAM Identity Center.
In terms of your existing users/permissions/roles -- your existing permission sets/roles/permissions will remain intact, but you will be provisioning users from your IdP and mapping them to permissions once authenticated. If you're using IAM Users exclusively right now, you can roll out IAM IC and establish your user/permission set mappings without affecting that access. That being said, once you have your SSO tuned the way you want it, I would recommend using that method exclusively for managing access to your environment.