Integrating IAM Identity Center - AWS Lake Formation

Integrating IAM Identity Center

With AWS IAM Identity Center, you can connect to identity providers (IdPs) and centrally manage access for users and groups across AWS analytics services. You can integrate identity providers such as Okta, Ping, and Microsoft Entra ID (formerly Azure Active Directory) with IAM Identity Center so that users in your organization can access data with a single sign-on experience. IAM Identity Center also supports connecting additional third-party identity providers.

For more information, see Supported identity providers in the AWS IAM Identity Center User Guide.

You can configure AWS Lake Formation as an enabled application in IAM Identity Center, and data lake administrators can grant fine-grained permissions to authorized users and groups on AWS Glue Data Catalog resources.

Users from your organization can sign in to any Identity Center-enabled application using your organization's identity provider and query datasets, with Lake Formation permissions applied to the results. With this integration, you manage access to AWS analytics services through the user's Identity Center identity, without creating multiple IAM roles for your users and groups.

Note

With trusted identity propagation, a user's existing Identity Center user and group memberships are used to authorize access to data across AWS analytics services. The user signs in to an application, and the application passes the user's identity in the requests it makes to AWS services to access data on the user's behalf. You don't need to perform any service-specific identity provider configuration or IAM role setup. For more information, see Trusted identity propagation across applications in the AWS IAM Identity Center User Guide.

For limitations, see IAM Identity Center integration limitations.