Workforce identity and access management

Securely manage access for your workforce and workloads

Overview

AWS gives you scalable, highly available, and resilient options for how and where you manage the lifecycle of identities and the ability to implement fine-grained access for your employees, services, and workloads. Workforce identity and access management on AWS enables you to modernize infrastructures and applications with native and partner identity solutions. With AWS, you have flexible administration capabilities and governance capabilities, such as preventative, detective, and proactive security controls, over applications and multi-account environments.

Benefits

AWS Identity Services allow your identity administrators to create identities directly in AWS or connect to an existing identity source, such as Microsoft Active Directory (AD), Okta, CyberArk, Ping Identity, JumpCloud, Azure AD, and other identity providers. With AWS IAM Identity Center, your employees can see their assigned permissions for AWS accounts and business applications from one place.

AWS Identity Services enable you to grant the right access by selecting permissions from a library of AWS managed policies or by creating your own policies designed for specific job functions and roles. AWS supports role-based and attribute-based access control to define and manage fine-grained access at scale. Fine-grained access controls can be applied to AWS resources, on-premises workloads, and applications used in AWS.

AWS Identity Services paired with AWS Cloud Governance Services give you the ability to perform cloud governance and access management at scale. You can create always-on boundaries to protect and strictly control access to data across AWS, and specify which AWS Regions a builder can operate in and which AWS services can be used. Your admins can centrally manage access across your environment with AWS Organizations and deploy brand new, multi-account environments using AWS Control Tower.

AWS Identity Services provide provable access analysis tools, such as IAM Access Analyzer, which help you continuously set, verify, and refine permissions toward least privilege. You can analyze the services and actions that your users and workloads use and then generate and test new policies before deploying to production. You can regularly review and remove unused permissions, users, and roles for further refinement. AWS Identity Services can extend and integrate with comprehensive AWS monitoring and observability services so you can audit access patterns in AWS.

Workforce identity and access management capabilities on AWS

AWS helps you implement and enforce the principle of least privilege on your Zero Trust journey. With access analysis tools, you can identify unused or excessive permissions across your AWS environment so that you can remove unnecessary access quickly and confidently.

With AWS IAM Identity Center, you can give workforce users single sign-on access to view and operate in assigned AWS accounts, AWS applications, and SaaS applications such as Box or Salesforce. You can configure multi-factor authentication, perform user session management, configure single sign-on access to applications, and centrally configure and assign access across AWS.

Identity-centric controls in AWS offer coarse- and fine-grained access control aligned to Zero Trust principles. You can implement organization-wide permissions so your workforce has the freedom to build with only the resources they need. You can establish always-on, preventative controls with a data perimeter, detective controls for real-time access events, and remediation for unintended access events. These controls help you keep your data protected across accounts, applications, and resources.

AWS enables you to connect your existing identity source to AWS, apply fine-grained access controls to AWS applications and resources, and begin building and modernizing by importing your existing users and groups. You can give workloads running outside of AWS access to AWS resources with IAM Roles Anywhere. AWS supports your transformation journey with standard and advanced administration tools for identity management and access control.

You can manage, automate, and govern workload and workforce access granularly across AWS accounts. AWS gives you tools and resources to centralize identity and access management at scale and use industry standards and APIs to automate the management of users and groups, saving you time and administrative effort. With AWS Identity Services, you can automate account or identity creation and use integrated applications within AWS IAM Identity Center to share a consistent view of users and groups.