Overview

Think of AWS IAM Identity Center as a secure front door to all your AWS resources. Instead of managing separate usernames and passwords for each AWS account or application, users get a single set of login credentials that work everywhere they need to go.

The service acts as a central hub where administrators can:

Create and manage user accounts for their organization
Control which AWS accounts and applications each user can access
Set up single sign-on (SSO) for popular business applications like Salesforce or Office 365
Enforce security policies like multi-factor authentication across all accounts

If you are new to AWS, you may mistakenly think IAM Identity Center is the way to manage access to your AWS accounts, confusingly, it is not, it is neither the only way or the default way. By default an AWS account will use the very similarly named AWS IAM (Identity and Access Management) so understanding these are different is very important as an AWS Administrator and before taking AWS Certifications.

For large organizations with multiple AWS accounts, IAM Identity Center dramatically simplifies access management and improves security by reducing the number of passwords users need to remember.

A guide is attached to more thoroughly explain the differences, and take you through the procedure to move from IAM to IAM Identity Center if you wish to do so.

Example uses

Multi-Account Access: A developer needs to work across development, staging, and production AWS accounts. Instead of managing separate credentials for each account, they log in once through IAM Identity Center and can switch between accounts easily.
Application Access: An organization uses various cloud applications like Slack, Dropbox, and Office 365. Users can access all these apps through a single portal with their IAM Identity Center credentials.
Temporary Access: A consultant needs temporary access to specific AWS resources. Administrators can grant time-limited access through IAM Identity Center without creating permanent credentials.
Team-Based Access: A company wants to give their marketing team access to specific AWS services like S3 for managing website content. They can create a group in IAM Identity Center, add marketing team members, and assign appropriate permissions.

Integration with other AWS services

IAM Identity Center works seamlessly with many AWS services:

Similar services in other clouds

Azure Active Directory: Microsoft's identity and access management service for Azure cloud
Google Cloud Identity: Google's unified identity and access management platform
Okta: A popular third-party identity management service that works across multiple cloud providers

AWS IAM Identity Center

Documents

Switching to/Enabling the AWS Identity Center