You can use IAM Identity Center for single sign-on. While it supports AD and external identity providers such as Okta and Entra ID (Azure AD), you can use the default IAM Identity Center directory to create and manage user accounts. To begin, you can start from the tutorial Configure user access with the default IAM Identity Center directory. You can also use IAM Identity Center with Active Directory. See Connect a self-managed directory in Active Directory to IAM Identity Center.
From IAM Identity Center, you can configure SSO into EC2 as per the blog How to enable secure seamless single sign-on to Amazon EC2 Windows instances with AWS IAM Identity Center. Configure EC2 to be managed by Systems Manager.
Thanks Mike for your help. Do I have to use "IAM Identity Center", or can "Identity and Access Management" get me the same results? I have already created the users in the latter.
Also, the instructions for "Add administrative permissions" under "Configure user access with the default IAM Identity Center directory" don't seem correct. There is no option for "Multi-account permissions" in AWS Identity Center.
Thanks again! Yes, it makes sense why I am not seeing "Multi-account permissions" on the left pane, because I have a single AWS account with a single organization. What I am confused about is how I can do "Step 2: Add administrative permissions". In other words, how can I "Select permission sets" when I don't have the "Multi-account permissions" option on the left?
The blog at https://aws.amazon.com/blogs/security/introducing-aws-single-sign-on/ may help get you started. You may want to create a new post for other questions you may have.
Hi EEHOA, you have to re-create the users in IAM Identity Center (IdC). Or you can connect IdC to your AD EC2 instance using AD Connector. There is a cost involved in using AD Connector. "Multi-account" does not refer to user logins; it refers to multiple AWS accounts.