Integrating IAM Identity Center
With AWS IAM Identity Center, you can connect to identity providers (IdPs) and centrally manage access for users and groups across AWS analytics services. You can integrate identity providers such as Okta, Ping, and Microsoft Entra ID (formerly Azure Active Directory) with IAM Identity Center so that users in your organization can access data through a single sign-on experience. IAM Identity Center also supports connecting additional third-party identity providers.
For more information, see Supported identity providers in the AWS IAM Identity Center User Guide.
You can configure AWS Lake Formation as an enabled application in IAM Identity Center, and data lake administrators can grant fine-grained permissions to authorized users and groups on AWS Glue Data Catalog resources.
Users from your organization can sign in to any IAM Identity Center enabled application using your organization's identity provider and query datasets with Lake Formation permissions applied. With this integration, you can manage access to AWS services without creating multiple IAM roles.
Note
Trusted identity propagation allows users' existing user and group memberships to be used to access data across AWS analytics services. With trusted identity propagation, a user can sign in to an application, and the application can pass the user's identity in requests to access data in AWS services. You don't need to perform any service-specific identity provider configurations or IAM role setups. Users can't sign in to the AWS Management Console using trusted identity propagation. For more information, see Trusted identity propagation across applications in the AWS IAM Identity Center User Guide.
For limitations, see IAM Identity Center integration limitations.
Topics
- Prerequisites for IAM Identity Center integration with Lake Formation
- Connecting Lake Formation with IAM Identity Center
- Updating IAM Identity Center integration
- Deleting a Lake Formation connection with IAM Identity Center
- Granting permissions to users and groups
- Including IAM Identity Center user context in CloudTrail logs