By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Does IAM Identity Center and AD Connector needs to be in a Organization Management Account or any member account?

0

We use AWS Organizations and planning to use IAM Identity Center with AD Connector to auth with corporate directory for AMG Grafana workspaces user access. AMG Grafana workspaces are provisioned in a member account. Question is, does IAM Identity Center needs to be provisioned in an org management account or can be setup in any member account? Share any links/resources supporting the correct answer. TIA

Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
Amazon GrafanaAWS IAM Identity Center
Language
English
goshga
asked a year ago299 views
2 Answers
0
Accepted Answer

you can choose to delegate administration of IAM Identity Center to a member account in AWS Organizations

Enabling delegated administration provides the following benefits:

  • Minimizes the number of people who require access to the management account to help mitigate security concerns
  • Allows select administrators to assign users and groups to applications and to your organization's member accounts

https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

profile picture
EXPERT
Oleksii Bebych
answered a year ago
profile picture
EXPERT
Adeleke Adebowale Julius
reviewed a year ago
  • goshga
    a year ago

    The question still remains that for AMG Workspaces SSO, does IAM Identity Center must be in a managed/delegated account or it can be in any other account in the Org?

0

Looks like, AMG Workspaces only supports Org's managed account's IAM Identity Center for Auth not any account scoped instance, per my testing.

goshga
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content