1 Answer
Each account can have its own IDP configured within IAM for use in certain scenarios such as VPN SSO. Each account can also have its own identity centre configuration.
Option 1 - IAM IDP Federation in each account
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers.html#id_roles_providers_iam
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
Option 2 - Account Instance Identity centre deployment in each account with SSO federation
https://aws.amazon.com/blogs/security/how-to-use-multiple-instances-of-aws-iam-identity-center/
See case 5
Case 5: An AWS Organizations deployment with an organization instance can opt-in to having account instances in member accounts in the organization.
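Option 1 in practice, as an added example that is not part of the original answer: the trust policy a role needs when it is assumed through the account's own IAM SAML provider, plus a check that flags roles whose SAML trust points at another account's provider or does not pin the `SAML:aud` condition. The account IDs, the provider name `ExampleIdP`, and the "same account" rule are assumptions made for this example.

```python
import copy

# Audience value used for SAML sign-in to the AWS console.
CONSOLE_SAML_AUD = "https://signin.aws.amazon.com/saml"

def saml_trust_policy(account_id, provider_name):
    """Trust policy for a role assumed via the account's own IAM SAML provider."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": CONSOLE_SAML_AUD}},
        }],
    }

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit_trust_policy(account_id, policy):
    """Return findings for SAML statements in a role trust policy of account_id."""
    findings = []
    statements = policy.get("Statement", [])
    for i, stmt in enumerate([statements] if isinstance(statements, dict) else statements):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithSAML" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not federated:
            findings.append(f"statement {i}: no Federated principal")
        for arn in federated:
            parts = arn.split(":")
            if len(parts) != 6 or not parts[5].startswith("saml-provider/"):
                findings.append(f"statement {i}: not a SAML provider ARN: {arn}")
            elif parts[4] != account_id:  # assumed rule: each account trusts only its own IdP
                findings.append(f"statement {i}: provider belongs to account {parts[4]}")
        # Only the exact single-value StringEquals form passes this check.
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != CONSOLE_SAML_AUD:
            findings.append(f"statement {i}: SAML:aud is not pinned to {CONSOLE_SAML_AUD}")
    return findings

# Constructed sample: account IDs and provider name are placeholders.
GOOD = saml_trust_policy("111111111111", "ExampleIdP")
BAD = copy.deepcopy(GOOD)
BAD["Statement"][0]["Principal"]["Federated"] = "arn:aws:iam::222222222222:saml-provider/ExampleIdP"
del BAD["Statement"][0]["Condition"]
```

Feed `audit_trust_policy` the `AssumeRolePolicyDocument` of each role in an account to review its SAML trust before enabling federation there.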