What is AWS IAM Identity Center?
AWS IAM Identity Center (formerly AWS SSO) provides centralized single sign-on for all AWS accounts and cloud applications. Users sign in once at the Identity Center portal and gain access to all assigned AWS accounts without needing separate IAM users in each account.
The service is free and integrates seamlessly with AWS Organizations. Permissions are centrally defined through Permission Sets and assigned at the account level.
Core Features
- Central SSO Portal: One portal for access to all AWS accounts and applications
- Permission Sets: Reusable permission templates applied to accounts
- Identity Provider Integration: SAML 2.0 and SCIM for Azure AD, Okta, OneLogin, and more
- CLI Access: Temporary credentials for AWS CLI and SDK through SSO authentication
- ABAC Support: Attribute-based access control using user attributes from the identity provider
Typical Use Cases
Multi-Account Access: Developers access development, staging, and production accounts through a central portal. Permission Sets define which permissions apply in which account.
Hybrid Identity: Organizations with existing Azure AD or Okta use SAML federation so employees can access AWS with their existing credentials without managing separate passwords.
Compliance and Audit: Centralized access management enables complete logging of all account access. CloudTrail captures every SSO sign-in for audit purposes.
Benefits
- Completely free with no user limits
- One portal for all AWS accounts and applications
- No IAM users required in individual accounts
- Temporary credentials instead of long-lived access keys
Integration with innFactory
As an AWS Reseller, innFactory supports you with AWS IAM Identity Center: multi-account SSO setup, identity provider integration, Permission Set design, and migration from IAM users to centralized SSO.
Frequently Asked Questions
What is AWS IAM Identity Center?
AWS IAM Identity Center (formerly AWS SSO) is a free service for centralized single sign-on across all AWS accounts in an organization. Users sign in once and gain access to all assigned accounts and applications.
Is IAM Identity Center free?
Yes, IAM Identity Center is completely free. There are no charges for users, groups, or sign-ins. The service is integrated with AWS Organizations.
Can I use existing identity providers?
Yes, IAM Identity Center supports SAML 2.0 and SCIM for integration with external identity providers like Azure AD, Okta, OneLogin, and Google Workspace. Users and groups can be automatically synchronized.