Concepts
User
A user created in IAM Identity Center. You can associate an IAM Identity Center user with multiple accounts in your organization and configure permissions for the user. Then, you can log in to the system as the IAM Identity Center user and access resources of those accounts without logging in again.
Group
A logical combination of IAM Identity Center users. You can centrally authorize multiple users using groups for unified permissions management. Users added to a group automatically obtain the permissions granted to the group. If a user is added to multiple groups, the user inherits the permissions from all these groups.
Permission Sets
A permission set is a template created and maintained by an administrator. It defines one or more IAM policies. Permission sets simplify the assignment of account access for users and groups in IAM Identity Center. With permission sets, you do not need to configure permissions for accounts individually.
Management Account
The account (also known as the administrator) used to enable and create the IAM Identity Center instance, and manage all IAM Identity Center users and their access permissions in an organization.
Delegated Administrator
By default, only the Organizations management account can use and manage IAM Identity Center. The management account can delegate administration of IAM Identity Center to a member account in your organization to extend the ability to manage IAM Identity Center.
This operation will delegate IAM Identity Center administrative access permissions to users in this member account. All users who have sufficient permissions for the delegated administrator account can perform all IAM Identity Center administrative tasks from this account, except for:
- Deleting IAM Identity Center
- Registering other member accounts as delegated administrators
- Managing assignments to the management account
- Enabling or disabling access permissions of a user
- Managing permission sets provisioned to the management account
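The group inheritance rule and the management-account exception above can be checked together when reviewing access. The following is an added example, not code from the IAM Identity Center documentation or API: it resolves each user's effective permission sets per account and lists every grant that reaches the management account. The data model, account IDs, group names and permission set names are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from a real organization); all names are hypothetical.
MANAGEMENT_ACCOUNT = "acct-mgmt"
GROUP_MEMBERS = {"ops": {"alice", "bob"}, "auditors": {"bob", "carol"}}
# Each assignment: (principal type, principal name, account, permission set)
ASSIGNMENTS = [
    ("GROUP", "ops", "acct-prod", "OpsAdmin"),
    ("GROUP", "auditors", "acct-prod", "ReadOnly"),
    ("GROUP", "auditors", MANAGEMENT_ACCOUNT, "ReadOnly"),
    ("USER", "alice", "acct-dev", "Developer"),
]


def effective_access(assignments, group_members):
    """Return {user: {account: {permission_set: [grant paths]}}}.

    A user holds the union of direct assignments and the assignments
    of every group the user belongs to.
    """
    access = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for ptype, name, account, pset in assignments:
        if ptype == "GROUP":
            for user in sorted(group_members.get(name, ())):
                access[user][account][pset].append(f"group:{name}")
        else:
            access[name][account][pset].append("direct")
    return access


def management_account_grants(access, management_account):
    """List (user, permission_set, path) grants that reach the management account.

    A delegated administrator cannot manage these assignments, so they
    have to be reviewed from the management account itself.
    """
    findings = []
    for user in sorted(access):
        grants = access[user].get(management_account, {})
        for pset, paths in sorted(grants.items()):
            findings.extend((user, pset, path) for path in paths)
    return findings


if __name__ == "__main__":
    acc = effective_access(ASSIGNMENTS, GROUP_MEMBERS)
    print(management_account_grants(acc, MANAGEMENT_ACCOUNT))
```

Recording the grant path (direct or through a named group) shows which group membership to change when a grant is broader than intended.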
User Portal
A single user portal URL for all of your IAM Identity Center users to log in to the management console and access assigned resources.