IAM identity center and Okta SSO

Hello,

I'm in charge of 5 AWS accounts, with one being the primary of the Organization. Most of these are attached to our IdP Okta with Identity and Access Management per account. This is used to provision users and give the required access based on groups.

It seems I can leverage IAM Identity Center on the primary account to manage roles for all the accounts. I create a new SSO integration in the master account's Identity Center and force that for each account under the organization.

Has anyone switched from individually managing SSO with Okta per account to the single SSO integration in the primary AWS account? If so, was it worth it? Will it cause issues to have both SSO connections at the same time (account-level IAM and primary-account IAM Identity Center)? Could you still have multiple tiles in Okta for each account, or is it all rolled into one app?

Thanks

1 answer

Hello,

AWS IAM Identity Center is typically opted for by customers when they are managing multiple AWS accounts. With this set up in AWS IAM Identity Center, customers can grant the users in their environment access to the accounts they need at the user or group level.

You can leverage IAM Identity Center by enabling it in the management account of the organization to govern access to the member accounts that are part of the same organization. When a user in IAM Identity Center is provisioned access to an account with a permission set, AWS creates a role with the same permissions in the respective account. This allows the user to federate into the account through this role and perform the required operations. Permissions can be managed through users/groups, as per your convenience.

Customers often do shift to SSO (IAM Identity Center) mainly to reduce the overhead of setting up identity providers in each account and to manage all accounts in a single place. IAM Identity Center can be leveraged depending on the particular use case. If you are an administrator looking for an easier way to manage access to multiple accounts, IAM Identity Center can be opted for. Plus, it's free of cost.

Also, IAM and IAM Identity Center are two independent services. Hence, enabling IAM Identity Center will not disrupt the already existing IAM users/setup in the account in any way. IAM Identity Center can be enabled in the management account of the organization, and the existing account-level IAM will continue to exist as usual. That said, the multiple tiles in Okta will also continue to exist, as each application is integrated with a different individual account's setup.

For more information, please refer to the AWS documentation:

[1] https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html

Thank you!

AWS Support Engineer
Hima_P
answered a year ago
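To make the answer's mechanism concrete (a permission set defined once in the management account, assigned to an Okta-synced group across member accounts, with AWS provisioning the matching role in each account), here is an added Terraform example. It is not code from the original question or answer. It assumes an Identity Center instance already exists and is connected to Okta via SAML and SCIM, that a group named "aws-readers" is synced from Okta, and that the region and account IDs are placeholders.

```hcl
# Added example (not from the original post): central access management with
# IAM Identity Center, applied from the Organization's management account.
# Assumptions: Identity Center is already enabled and linked to Okta (SAML +
# SCIM), the group "aws-readers" is synced from Okta, and the region and
# account IDs below are placeholders.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 5.0" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed; must be the Identity Center home region
}

variable "member_account_ids" {
  type        = list(string)
  description = "Member accounts to assign (placeholder IDs)"
  default     = ["111111111111", "222222222222"]
}

data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}

# Look up the Okta-synced group by display name (assumed group name).
data "aws_identitystore_group" "readers" {
  identity_store_id = local.identity_store_id
  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "aws-readers"
    }
  }
}

# One permission set, defined once in the management account.
resource "aws_ssoadmin_permission_set" "readonly" {
  name             = "ReadOnly"
  description      = "Read-only access for auditors"
  instance_arn     = local.instance_arn
  session_duration = "PT4H" # short sessions limit the value of a stolen token
}

resource "aws_ssoadmin_managed_policy_attachment" "readonly" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# ReadOnlyAccess grants s3:Get*, which includes reading object contents.
# An inline Deny keeps this permission set metadata-only.
resource "aws_ssoadmin_permission_set_inline_policy" "readonly_deny_s3_objects" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  inline_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Deny"
      Action   = ["s3:GetObject", "s3:GetObjectVersion"]
      Resource = "*"
    }]
  })
}

# The assignment is what makes AWS provision the role in each member account
# (named AWSReservedSSO_<PermissionSetName>_<hash>), trusting the SAML
# provider that Identity Center creates there.
resource "aws_ssoadmin_account_assignment" "readers" {
  for_each = toset(var.member_account_ids)

  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  principal_type     = "GROUP"
  principal_id       = data.aws_identitystore_group.readers.group_id
  target_type        = "AWS_ACCOUNT"
  target_id          = each.value
}
```

Run `terraform apply` with credentials in the management account (or a delegated Identity Center administrator account). Adding an account to `member_account_ids` is the whole onboarding step for that account; nothing has to be configured inside it, and the existing per-account IAM identity providers and their Okta tiles are untouched, which matches the answer's point that the two setups coexist.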
