Hi joppe,
Unfortunately, there's no API for enabling your organization's Identity Center. However, once created via the console, there are API operations available for IAM Identity Center. If you have an AWS account team, then please ask them if this is on the roadmap, or if it can be added.
Best regards,
Randy
To enable IIC, you need to configure things on the AWS side and configure things on the external Identity Provider (IdP) side.
The AWS side of the configuration can be achieved programmatically with API/CLI/CDK/IaC.
If the IdP side also gives you an option for programmability, then I don't see why not. For example, if you use MS Entra (formerly MS AzureAD) as IdP, they have enough programmability hooks using their own API/CLI/PowerShell etc.
You will end up writing a script in Python/PowerShell (or similar) or a binary executable that will make internal calls to both systems using their programmability hooks. I believe your script/executable will need to have a few places of "wait until a configuration task has completed" using a synchronous loop, before you move on to configuring the next task that depends on the previous task's result.
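The "wait until a configuration task has completed" loop that the answer above describes is what the post-creation IAM Identity Center APIs need, because account assignments are asynchronous: `create_account_assignment` returns a request in `IN_PROGRESS` state and `describe_account_assignment_creation_status` is polled until it reports `SUCCEEDED` or `FAILED`. The following is an added example, not code from the original thread or from AWS; it uses the real boto3 `sso-admin` response shapes but drives them through a constructed fake client so it runs offline, and the instance ARN, account ID, permission set ARN and group ID are placeholders. In production you would pass `boto3.client("sso-admin")` in place of the fake.

```python
"""Poll an IAM Identity Center asynchronous request to completion (added example)."""
import itertools
import time

TERMINAL_STATES = {"SUCCEEDED", "FAILED"}


class AssignmentFailed(RuntimeError):
    """Raised when Identity Center reports the assignment request as FAILED."""


def wait_for_account_assignment(client, instance_arn, request_id,
                                poll_seconds=2.0, timeout_seconds=300.0,
                                sleep=time.sleep, clock=time.monotonic):
    """Block until the assignment request reaches a terminal state.

    `client` needs a describe_account_assignment_creation_status method with
    the boto3 sso-admin signature. `sleep` and `clock` are injectable so the
    loop can be exercised without real waiting.
    """
    deadline = clock() + timeout_seconds
    while True:
        resp = client.describe_account_assignment_creation_status(
            InstanceArn=instance_arn,
            AccountAssignmentCreationRequestId=request_id,
        )
        status = resp["AccountAssignmentCreationStatus"]
        state = status["Status"]
        if state == "SUCCEEDED":
            return status
        if state == "FAILED":
            raise AssignmentFailed(status.get("FailureReason", "no reason given"))
        # Still IN_PROGRESS: give up if we have exhausted the time budget,
        # otherwise back off before asking again.
        if clock() >= deadline:
            raise TimeoutError(f"request {request_id} still {state} after {timeout_seconds}s")
        sleep(poll_seconds)


def assign_group_to_account(client, instance_arn, account_id, permission_set_arn,
                            group_id, **wait_kwargs):
    """Create one group->account assignment and wait until it is applied.

    This is the dependent-step pattern: nothing that relies on the assignment
    (for example, a test login) should run before this returns.
    """
    created = client.create_account_assignment(
        InstanceArn=instance_arn,
        TargetId=account_id,
        TargetType="AWS_ACCOUNT",
        PermissionSetArn=permission_set_arn,
        PrincipalType="GROUP",
        PrincipalId=group_id,
    )
    request_id = created["AccountAssignmentCreationStatus"]["RequestId"]
    return wait_for_account_assignment(client, instance_arn, request_id, **wait_kwargs)


class FakeSsoAdminClient:
    """Constructed stand-in for boto3.client('sso-admin') that replays a
    scripted sequence of Status values; the last value repeats forever."""

    def __init__(self, statuses, failure_reason="constructed failure"):
        self._statuses = list(statuses)
        self._failure_reason = failure_reason
        self.describe_calls = 0

    def create_account_assignment(self, **kwargs):
        # Mirrors the real response: the request starts out IN_PROGRESS.
        return {"AccountAssignmentCreationStatus": {
            "Status": "IN_PROGRESS",
            "RequestId": "req-constructed-0001",
            "TargetId": kwargs["TargetId"],
            "TargetType": kwargs["TargetType"],
            "PermissionSetArn": kwargs["PermissionSetArn"],
            "PrincipalType": kwargs["PrincipalType"],
            "PrincipalId": kwargs["PrincipalId"],
        }}

    def describe_account_assignment_creation_status(self, InstanceArn,
                                                    AccountAssignmentCreationRequestId):
        self.describe_calls += 1
        state = self._statuses[min(self.describe_calls - 1, len(self._statuses) - 1)]
        status = {"Status": state, "RequestId": AccountAssignmentCreationRequestId}
        if state == "FAILED":
            status["FailureReason"] = self._failure_reason
        return {"AccountAssignmentCreationStatus": status}


def run_demo(statuses=("IN_PROGRESS", "IN_PROGRESS", "SUCCEEDED")):
    """Drive the assignment through a fake client; returns (final status, poll count)."""
    client = FakeSsoAdminClient(statuses)
    status = assign_group_to_account(
        client,
        instance_arn="arn:aws:sso:::instance/ssoins-PLACEHOLDER",        # placeholder
        account_id="111111111111",                                       # placeholder
        permission_set_arn="arn:aws:sso:::permissionSet/ssoins-PLACEHOLDER/ps-PLACEHOLDER",
        group_id="00000000-0000-0000-0000-000000000000",                 # placeholder
        sleep=lambda _s: None,            # no real waiting in the demo
        clock=itertools.count(0, 1).__next__,
    )
    return status, client.describe_calls


if __name__ == "__main__":
    final, polls = run_demo()
    print(f"assignment {final['RequestId']} -> {final['Status']} after {polls} polls")
```

The timeout is computed once, before the loop, so a service that keeps returning `IN_PROGRESS` cannot hang the script indefinitely; a `FAILED` status surfaces the service's `FailureReason` instead of being silently retried.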
Like the other guy said, there's no API to do it; you have to use the console. I've actually seen an instance where someone created their Identity Center "instance" so long ago and never used it, that it didn't have any of the features released since then, like the auto update never happened on their backend. I had to delete the instance and recreate it to get stuff working again. Some stuff u just need to use the console for, like authorizing a cross account Redshift datashare.