Customer managed applications
IAM Identity Center acts as a central identity service for your workforce users and groups. If you
already use an identity provider (IdP), IAM Identity Center can integrate with your IdP so that you
can provision your users and groups into IAM Identity Center and use your IdP for authentication. With
a single connection, IAM Identity Center represents your IdP in front of multiple AWS services and
enables your OAuth 2.0 applications to request access to data in these services on
behalf of your users. You can also use IAM Identity Center to assign your users access to SAML 2.0
- If your application supports JSON Web Tokens (JWTs), you can use the trusted identity propagation feature of IAM Identity Center to enable your application to request access to data in AWS services on behalf of your users. Trusted identity propagation is built on the OAuth 2.0 Authorization Framework and includes an option for applications to exchange identity tokens that come from an external OAuth 2.0 authorization server for tokens issued by IAM Identity Center and recognized by AWS services. For more information, see Trusted identity propagation use cases and Using trusted identity propagation with customer managed applications.
- If your application supports SAML 2.0, you can connect it to an organization instance of IAM Identity Center. You can use IAM Identity Center to assign access to your SAML 2.0 application.
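The token exchange described in the JWT bullet above, shown as an added example (this is not code from the AWS documentation or the IAM Identity Center service). The application hands the ID token it received from the external OAuth 2.0 authorization server to IAM Identity Center's OIDC endpoint with the JWT bearer grant type and gets back tokens issued by IAM Identity Center. The issuer, audience and application ARN values are assumed placeholders, and the `FakeSsoOidc` class stands in for `boto3.client("sso-oidc")` so that the example runs offline; the local pre-checks on the incoming token are a sanity check only, since IAM Identity Center verifies the token's signature against the trusted token issuer you configured.

```python
import base64
import json
import time

# Grant type the CreateTokenWithIAM API accepts for exchanging an external
# IdP token for IAM Identity Center tokens (RFC 7523 JWT bearer assertion).
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

# Assumed values for this example; replace with your own configuration.
EXTERNAL_ISSUER = "https://idp.example.com"                 # trusted token issuer URL (assumed)
EXTERNAL_AUDIENCE = "my-app-client-id"                       # audience registered for the issuer (assumed)
APPLICATION_ARN = "arn:aws:sso::123456789012:application/ssoins-example/apl-example"  # assumed


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_unverified_claims(jwt: str) -> dict:
    """Return the payload claims of a compact JWT without checking the signature.
    Signature verification is done by IAM Identity Center during the exchange."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def precheck_external_token(jwt: str, expected_issuer: str, expected_audience: str, now=None) -> dict:
    """Reject tokens that could never be accepted before making a network call."""
    claims = decode_unverified_claims(jwt)
    now = time.time() if now is None else now
    if claims.get("iss") != expected_issuer:
        raise ValueError(f"issuer {claims.get('iss')!r} is not the configured trusted token issuer")
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token audience does not match the audience configured for the issuer")
    if "exp" not in claims or claims["exp"] <= now:
        raise ValueError("token is expired or carries no exp claim")
    return claims


def build_exchange_request(application_arn: str, external_jwt: str) -> dict:
    """Parameters for sso-oidc CreateTokenWithIAM: the client is the Identity
    Center application, the assertion is the external IdP's token."""
    return {"clientId": application_arn, "grantType": JWT_BEARER_GRANT, "assertion": external_jwt}


def exchange_external_token(client, application_arn, external_jwt, expected_issuer, expected_audience, now=None) -> dict:
    precheck_external_token(external_jwt, expected_issuer, expected_audience, now)
    response = client.create_token_with_iam(**build_exchange_request(application_arn, external_jwt))
    # Only the token fields; a real response also carries scope information.
    return {k: response.get(k) for k in ("idToken", "accessToken", "refreshToken", "tokenType", "expiresIn")}


def rejection_reason(external_jwt, expected_issuer, expected_audience, now=None):
    """Return why the pre-check rejects a token, or None if it passes."""
    try:
        precheck_external_token(external_jwt, expected_issuer, expected_audience, now)
    except ValueError as exc:
        return str(exc)
    return None


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned JWT used only so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


class FakeSsoOidc:
    """Stand-in for boto3.client("sso-oidc") with a constructed response."""

    def __init__(self):
        self.last_request = None

    def create_token_with_iam(self, **kwargs):
        self.last_request = kwargs
        return {
            "idToken": make_unsigned_jwt({"sub": "alice", "aud": kwargs["clientId"]}),  # constructed
            "accessToken": "constructed-access-token",
            "refreshToken": "constructed-refresh-token",
            "tokenType": "Bearer",
            "expiresIn": 3600,
        }


def demo(now=None):
    """Run one exchange against the fake client; returns (request sent, tokens received)."""
    now = time.time() if now is None else now
    client = FakeSsoOidc()
    external = make_unsigned_jwt({"iss": EXTERNAL_ISSUER, "aud": EXTERNAL_AUDIENCE,
                                  "sub": "alice", "exp": int(now) + 300})
    tokens = exchange_external_token(client, APPLICATION_ARN, external, EXTERNAL_ISSUER, EXTERNAL_AUDIENCE, now)
    return client.last_request, tokens


if __name__ == "__main__":
    request, tokens = demo()
    print(json.dumps({"request": request, "tokens": tokens}, indent=2))
```

Against the real service, pass `boto3.client("sso-oidc", region_name=...)` in place of `FakeSsoOidc()`; the call is SigV4-signed, so the credentials in use must belong to the IAM principal that the customer managed application in IAM Identity Center is configured to trust, and the issuer and audience of the external token must match a trusted token issuer configured on that application, otherwise the exchange is refused server-side regardless of the local pre-check.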