Multi IAM Identity Center for different sets of accounts within the same AWS Organization

0

Hello, we have an organization with several AWS accounts under it, and we are in the process of adding SSO to them with AWS IAM Identity Center. However, there is a cluster of these accounts that belongs to our Security people, which we want to keep independent from; yet they would like to have the benefits of SSO in their accounts if possible. So, is it possible to delegate so that they can have their own independent Directory Service based IAM Identity Center to use only on their accounts? To sum this up: we would like to have multiple IAM Identity Centers (by different AWS Directory Services on different accounts) to manage SSO to different sets of accounts within the same AWS Organization. This would allow us to keep our Infosec folks fully independent from our Cloud Engineering/IT people while providing SSO to the different teams.

2 Answers
1

It is not currently possible to do this in one AWS Organization. Each AWS Organization can have one and only one AWS IAM Identity Center, and IAM Identity Center only supports one Identity Provider at a time.

You would have to split out those Security accounts into their own AWS Organization if you wanted those accounts to have their own separate IAM Identity Center.

or-3
answered a year ago
0

Yes, it is possible to have multiple IAM Identity Centers using different AWS Directory Services to manage SSO to different sets of accounts within the same AWS Organization. You can delegate access to the Security team to set up their own independent IAM Identity Center based on a separate AWS Directory Service that they control. This would allow them to have the benefits of SSO in their accounts while maintaining their independence from the Cloud Engineering/IT team. By having multiple IAM Identity Centers, you can provide SSO to different teams and maintain the necessary level of security and independence.

AWS_Guy
answered a year ago
