Manage identities in IAM Identity Center
IAM Identity Center provides the following capabilities for your users and groups:
- Create your users and groups.
- Add your users as members to the groups.
- Assign the groups the desired level of access to your AWS accounts and applications.
To manage users and groups in the IAM Identity Center store, AWS supports the API operations listed in Identity Center Actions.
Provisioning when users are in IAM Identity Center
When you create users and groups directly in IAM Identity Center, provisioning is automatic. These identities are immediately available for use in making assignments and for use by applications. For more information, see User and group provisioning.
Changing your identity source
If you prefer to manage users in AWS Managed Microsoft AD, you can stop using your Identity Center directory at any time and instead connect IAM Identity Center to your directory in Microsoft AD by using AWS Directory Service. For more information, see considerations for Changing between IAM Identity Center and Active Directory.
If you prefer to manage users in an external identity provider (IdP), you can connect IAM Identity Center to your IdP and enable automatic provisioning. For more information, see considerations for Changing from IAM Identity Center to an external IdP.
Topics
- Add users to your Identity Center directory
- Add groups to your Identity Center directory
- Add users to groups
- Delete groups in IAM Identity Center
- Delete users in IAM Identity Center
- Disable user access to AWS accounts and applications in IAM Identity Center
- Edit Identity Center directory user properties
- Reset the IAM Identity Center user password for an end user
- Email one-time password to users created with API
- Password requirements when managing identities in IAM Identity Center