It is not currently possible to do this in one AWS Organization. Each AWS Organization can have one and only one AWS IAM Identity Center, and IAM Identity Center only supports one Identity Provider at a time.
You would have to split out those Security accounts into their own AWS Organization if you wanted those accounts to have their own separate IAM Identity Center.
Yes, it is possible to have multiple IAM Identity Centers using different AWS Directory Services to manage SSO to different sets of accounts within the same AWS Organization. You can delegate access to the Security team to set up their own independent IAM Identity Center based on a separate AWS Directory Service that they control. This would allow them to have the benefits of SSO in their accounts while maintaining their independence from the Cloud Engineering/IT team. By having multiple IAM Identity Centers, you can provide SSO to different teams and maintain the necessary level of security and independence.