IdP vs IDC: Key Differences

How Does Identity Provider Differ from Identity Datacenter ?

  • If my answer helped you understand the difference between IdP and IDC, I would appreciate it if you click on “accepted answer”

1 Answer

1. Identity Provider (IdP)

An Identity Provider is a software service that creates, maintains, and manages identity information. Its primary job is Authentication (proving you are who you say you are) and Authorization (deciding what you’re allowed to do).

  • Role: The "Gatekeeper."
  • Function: When you click "Login with Google" or use Okta to access your work apps, you are using an IdP. It issues digital tokens (like SAML or JWT) to tell other applications that you are verified.
  • Examples: Okta, Microsoft Entra ID (formerly Azure AD), Google Workspace, Auth0.

2. Identity Datacenter (IDC)

An Identity Datacenter (or Identity Center) is the physical or cloud-based infrastructure where identity data is stored and processed. It is the centralized "source of truth" for user attributes.

  • Role: The "Library."
  • Function: It holds the actual database of usernames, hashed passwords, biometrics, and group memberships. In modern cloud terms (like AWS IAM Identity Center), it’s the hub where you manage multiple accounts and permissions from a single spot.
  • Examples: AWS IAM Identity Center, a localized Active Directory server, or a dedicated secure database cluster.

| Feature | Identity Provider (IdP) | Identity Datacenter (IDC) |
| --- | --- | --- |
| Primary Goal | To verify users and grant access. | To store and centralize identity data. |
| Interaction | Users interact with it every time they log in. | Administrators interact with it to manage the user pool. |
| Output | Security Tokens (SAML, OIDC). | User Profiles and Policy Objects. |
| Analogy | The Passport Office checking your papers. | The Database containing the national registry. |

PS: Your question doesn't really have anything to do with AWS — it's more of a general technology question. I hope I explained it clearly nonetheless.

A Note on the AWS Context

While you mentioned this is a general technology question, the reason it often comes up in AWS discussions is due to the specific way AWS has named its services. In the past, you would connect an External IdP (like Okta) directly to AWS IAM. Now, AWS encourages using AWS IAM Identity Center (IDC) as a middleman. In this specific AWS architecture:

  • The IdP (Okta/Entra ID) remains the source of truth for your employees.
  • The IDC (AWS IAM Identity Center) acts as the central hub that receives those identities and distributes permissions across hundreds of different AWS accounts.

This setup is the industry standard because it prevents you from having to configure the "Gatekeeper" (IdP) for every single "Building" (AWS Account) individually. You connect the Gatekeeper once to the Center, and the Center handles the rest.

relevant links:

EXPERT
answered 2 months ago
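The division of labour described in the answer (the IdP vouches for who the user is and which groups they belong to; the Identity Center decides which accounts and permission sets those groups reach), as an added illustration that is not code from the answer above or from AWS. The token is a plain dict standing in for the claims of an OIDC ID token or SAML assertion, and the issuer, audience, account IDs, group names and permission-set names are all constructed.

```python
"""Simplified model of the IdP -> Identity Center -> AWS accounts flow (constructed example)."""
import time

# Constructed trust configuration: the Identity Center accepts only tokens
# minted by this issuer for this audience. Signature verification (JWKS or
# SAML XML signature) is assumed to have happened before these claim checks.
TRUSTED_ISSUER = "https://idp.example.com"
EXPECTED_AUDIENCE = "identity-center"

# Constructed Identity Center data: group -> list of (account_id, permission_set).
# These are the "Policy Objects" the table above attributes to the IDC.
ASSIGNMENTS = {
    "Developers": [("111111111111", "DeveloperAccess"), ("222222222222", "ReadOnly")],
    "Auditors": [("111111111111", "ReadOnly"), ("222222222222", "ReadOnly"),
                 ("333333333333", "ReadOnly")],
}


def validate_idp_token(claims, now=None):
    """Checks the Identity Center performs before trusting the IdP's claims.

    Returns the subject on success; raises ValueError on any failed check so a
    bad token never reaches the assignment lookup.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("token not minted for this audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims["sub"]


def resolve_access(claims, now=None):
    """Validate the IdP token, then map its groups to (account, permission set) pairs.

    The IdP stays the source of truth for identity and group membership; the
    Identity Center, connected once, fans that out across every account.
    Returns a sorted, de-duplicated list; unknown groups grant nothing.
    """
    validate_idp_token(claims, now)
    access = set()
    for group in claims.get("groups", []):
        access.update(ASSIGNMENTS.get(group, []))
    return sorted(access)
```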
