Remove user and group access to an AWS account

Use this procedure to remove single sign-on access to an AWS account for one or more users and groups in your connected directory. Alternatively, you can use the delete-account-assignment AWS CLI.

Note

When you need to deprovision IAM Identity Center users or groups, you should first remove any assignments of permission sets from your users and groups before deleting the users and groups.

To remove user and group access to an AWS account

Open the IAM Identity Center console.
In the navigation pane, under Multi-account permissions, choose AWS accounts.
On the AWS accounts page, a tree view list of your organization appears. Select the name of the AWS account that contains the users and groups for whom you want to remove single sign-on access.
On the Overview page for the AWS account, under Assigned users and groups, select the name of one or more users or groups, and choose Remove access.
In the Remove access dialog box, confirm that the names of the users or groups are correct, and choose Remove access.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Assign user access to AWS accounts

Revoke an active permission set session