Do IAM Identity Center and AD Connector need to be in an Organization Management Account or any member account?

0

We use AWS Organizations and are planning to use IAM Identity Center with AD Connector to auth with our corporate directory for AMG Grafana workspaces user access. AMG Grafana workspaces are provisioned in a member account. The question is, does IAM Identity Center need to be provisioned in an org management account, or can it be set up in any member account? Share any links/resources supporting the correct answer. TIA

goshga
Asked 1 month ago, viewed 121 times
2 Answers
0
Accepted Answer

You can choose to delegate administration of IAM Identity Center to a member account in AWS Organizations.

Enabling delegated administration provides the following benefits:

  • Minimizes the number of people who require access to the management account to help mitigate security concerns
  • Allows select administrators to assign users and groups to applications and to your organization's member accounts

https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

Expert
Answered 1 month ago
Expert
A_J
Reviewed 24 days ago
  • The question still remains: for AMG Workspaces SSO, must IAM Identity Center be in a managed/delegated account, or can it be in any other account in the Org?

0

Looks like AMG Workspaces only supports the Org's managed account's IAM Identity Center for auth, not any account-scoped instance, per my testing.

goshga
Answered 1 month ago
