Does IAM Identity Center and AD Connector needs to be in a Organization Management Account or any member account?

0

We use AWS Organizations and planning to use IAM Identity Center with AD Connector to auth with corporate directory for AMG Grafana workspaces user access. AMG Grafana workspaces are provisioned in a member account. Question is, does IAM Identity Center needs to be provisioned in an org management account or can be setup in any member account? Share any links/resources supporting the correct answer. TIA

2 Answers
0
Accepted Answer

you can choose to delegate administration of IAM Identity Center to a member account in AWS Organizations

Enabling delegated administration provides the following benefits:

  • Minimizes the number of people who require access to the management account to help mitigate security concerns
  • Allows select administrators to assign users and groups to applications and to your organization's member accounts

https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

profile picture
EXPERT
answered a month ago
profile picture
EXPERT
A_J
reviewed 24 days ago
  • The question still remains that for AMG Workspaces SSO, does IAM Identity Center must be in a managed/delegated account or it can be in any other account in the Org?

0

Looks like, AMG Workspaces only supports Org's managed account's IAM Identity Center for Auth not any account scoped instance, per my testing.

goshga
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions