AWS IAM Identity Center Reviews

Most enterprise companies use multiple AWS accounts, ranging from ten to hundreds. This separation allows for individual team environments and presents an identity and access management (IAM) challenge. 

To manage IAM centrally, AWS Identity Center, formerly known as AWS SSO, is used to set up federations with existing authentication systems, like Azure AD. This setup allows roles to be defined for various teams, such as DevOps and security, ensuring people have permissions tailored to their roles and departments.

AWS Identity Center simplifies the management of IAM at scale, reducing the risk of errors when managing permissions across multiple accounts. 

With federated access and centralized management, AWS Identity Center enhances the security posture by minimizing mistakes and ensuring consistent permission handling.

The most valuable feature of AWS Identity Center is its ability to centrally create permission templates, known as permission sets, which define AWS IAM roles. This allows for the automation of role creation and updates across all AWS accounts, saving significant time and reducing error risks, especially for large organizations.

The AWS Identity Center's user interface could be improved to provide a clearer understanding of how the system operates. 

Although the API side is well-developed, the console can be misleading, and improvements in presenting and simplifying the understanding of advanced features would be beneficial.

I have been working with AWS Identity Center since 2018, when it was known as AWS SSO, for about six years.

AWS Identity Center is stable and reliable. It works well consistently without any noticeable stability problems.

AWS Identity Center scales very well. At scale, the challenge lies more in managing permissions across numerous users and resources rather than a limitation of the product itself.

The documentation and resources available for AWS Identity Center are extensive and well-developed. I have not needed to contact AWS support for issues related to Identity Center as the documentation adequately covers most queries.

Positive

Prior to AWS Identity Center, managing IAM involved setting up federations manually for each AWS account, which was time-consuming and complex. AWS Identity Center significantly reduces this complexity and effort.

For individuals, AWS Identity Center's initial setup is quick and simple, taking only a few minutes. 

For companies requiring federation with existing authentication solutions, the setup is more complex but well-documented.

AWS Identity Center is free, making it a cost-effective solution for managing IAM permissions and federations.

There was no consideration of other solutions given the integration and effectiveness of AWS Identity Center within AWS environments.

If you are actively using AWS for production workloads and are not yet using AWS Identity Center, it's advisable to migrate sooner rather than later. AWS Identity Center simplifies permission management and scales usage effectively, saving significant time in managing user access.

I'd rate the solution eight out of ten.

I use the solution in my company to attach policies and roles. Amazon doesn't provide our company with all the permissions from a single source, so we need to create a role and attach the policy to give the right access to AWS services in order to ensure that everything works fine, or else it won't work properly.

As an IAM-based tool, the product provides users with policies created by AWS. Users can create their own policies on top of the ones provided by AWS and attach them to different resources, which is actually nice, making everything perfect in the solution.

AWS IAM Identity Center serves as an IAM solution that helps users give or revoke access whenever needed. Whenever you require access, creating the users, attaching those policies, and creating the roles can be done while having access to AWS Management Console or programmatic access. You can provide access to the right person to whom it should be provided in your company or revoke the access if required. Even for AWS resources, if you use any tools like AWS Lambda or other solutions, such products will work if the right access is provided. If you don't attach the correct policies, then it won't work even if you use the correct gateway. The user will have to deal with the permission denied part.

I don't think there is any need for improvement in the product since everything has been created architecturally by AWS. AWS has given all the features in the tool.

In the product, two groups cannot have the same name. There will be a conflict if the same name is provided to two groups in the tool. If you want to say something to another user, the tool fails to identify which group out of the two having the same name is involved in the activity. In general, the tool does not allow for the duplication of names. The aforementioned area can be considered for improvement in the product.

I have experience with AWS IAM Identity Center. I am a user of the tool.

It is a stable solution.

Everyone in my company uses the product.

With AWS IAM Identity Center, no installation procedure is involved.

AWS IAM Identity Center provides a document. Everything in the document helps our company create users, roles, and policies. By using the tool's documentation, our company can easily create users and give them access to those users, specifically if you have admin access. The one with the admin access can give access to other developers or any other person to whom you want to give access to AWS Management Console so that they can make use of it.

The solution is deployed on the cloud.

The product is cheap since it is available on the cloud. AWS IAM Identity Center does not fall under the services that my company provides continuously to our customers, but we do create users and give them access to AWS Management Console.

The product is easy for beginners to learn and use.

I recommended the product to those who plan to use it. I also suggest that people should use the product cautiously so that they don't end up giving access to unknown people. It is better to provide minimal access to others, meaning you should not provide others with all the privileges using the tool in order to ensure that there is no misuse of the access possible. With limited access, the user can only perform as per the role specified within the product.

If you have admin access, you can read the documentation. You can use the tool to create users and give them the right roles while ensuring that you provide them with read-only access so that they get to see what is there in the portal while being unable to write or modify anything. It is easy to learn and easy to create users and rules with the product.

All the features are already provided in the tool, so there is no need to do anything. Creating the users, roles, or policies can be done using the product. The tool also has pre-built policies. You can create policies just through visualization or JSON. If you want to create a policy, you can create it and attach it for different users. In the tool, my company uses the policy and roles for almost all the services so that we can give access to different users. In my company, it is good that we have everything controlled by AWS IAM Identity Center.

I rate the tool a nine out of ten.