# Step 2: Set Up Root and Administrative Users
<a name="getting-started-setup-users"></a>

When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, [assign administrative access to an administrative user](https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html) and use the root user only to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-tasks.html).

## Secure Your AWS Account Root User
<a name="setup-users-secure-root-user"></a>

1. To sign in as the administrative user in the IAM Identity Center, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user. For help signing in using an IAM Identity Center user, see [Signing in to the AWS access portal](https://docs.aws.amazon.com/signin/latest/userguide/iam-id-center-sign-in-tutorial.html) in the *AWS Sign-In User Guide*.

   For help signing in using root user, see [Signing in as the root user](https://docs.aws.amazon.com/signin/latest/userguide/console-sign-in-tutorials.html#introduction-to-root-user-sign-in-tutorial) in the *AWS Sign-In User Guide*.

1. Turn on multi-factor authentication (MFA) for your root user.

   For instructions, see [Enable a virtual MFA device for your AWS account root user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-root) in the *IAM User Guide*.

## Create an Administrative User
<a name="setup-users-create-admin-user"></a>

You should create an administrative user so that you do not use the root user for everyday tasks.
+ For your daily administrative tasks, assign administrative access to an administrative user in AWS IAM Identity Center (successor to AWS Single Sign-On). For instructions, see [Getting started](https://docs.aws.amazon.com/singlesignon/latest/userguide/getting-started.html) in the *AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide*.
+ To sign in as the administrative user in the IAM Identity Center, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user. For help signing in using an IAM Identity Center user, see [Signing in to the AWS access portal](https://docs.aws.amazon.com/signin/latest/userguide/iam-id-center-sign-in-tutorial.html) in the *AWS Sign-In User Guide*.