Centralized user repository

It is recommended to use a centralized user repository such as AWS Directory Services (Active Directory/SimpleAD), Okta, Auth0, PingIdentity, OneLogin, Azure Active Directory, IBM Cloud Identity, etc., ideally integrated with AWS IAM Identity Center (successor to AWS Single Sign-On), to provide temporary credentials to users accessing AWS.

It is also important that the repository is integrated with the human resources management system to propagate employee terminations (either through an identity management system or directly into the centralized authentication repository).
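One way to verify that terminations are actually propagating is to reconcile an HR export against the directory's user list. The sketch below is an added example, not part of the original recommendation or of any AWS tooling; the record layouts, the `reconcile` function and all sample data are assumptions (directory entries are shaped like SCIM 2.0 user resources with `userName` and `active`).

```python
from datetime import date

# Constructed HR export: e-mail and termination date (None = still employed).
HR_RECORDS = [
    {"email": "alice@example.com", "terminated_on": None},
    {"email": "bob@example.com", "terminated_on": date(2024, 3, 1)},
    {"email": "carol@example.com", "terminated_on": date(2024, 3, 15)},
    {"email": "dave@example.com", "terminated_on": date(2024, 4, 30)},
]

# Constructed directory users in SCIM 2.0 core-schema shape (assumed layout).
DIRECTORY_USERS = [
    {"userName": "alice@example.com", "active": True},
    {"userName": "Bob@Example.com", "active": True},         # terminated, never disabled
    {"userName": "carol@example.com", "active": False},      # terminated and disabled
    {"userName": "dave@example.com", "active": True},        # termination date not reached
    {"userName": "svc-backup@example.com", "active": True},  # no HR record at all
]


def reconcile(hr_records, directory_users, today):
    """Return (stale, unknown).

    stale   -- active directory accounts whose owner's termination date has passed
    unknown -- active directory accounts with no matching HR record
    """
    # Case-insensitive match, since directories often preserve mixed-case names.
    hr = {r["email"].lower(): r["terminated_on"] for r in hr_records}
    stale, unknown = [], []
    for user in directory_users:
        if not user.get("active", False):
            continue  # already disabled, nothing to flag
        name = user["userName"].lower()
        if name not in hr:
            unknown.append(name)
        elif hr[name] is not None and hr[name] <= today:
            stale.append(name)
    return sorted(stale), sorted(unknown)


if __name__ == "__main__":
    stale, unknown = reconcile(HR_RECORDS, DIRECTORY_USERS, date(2024, 4, 1))
    print("active after termination:", stale)
    print("active with no HR record:", unknown)
```

Accounts in the second list are typically service or break-glass identities and need an owner recorded elsewhere, since HR-driven deprovisioning will never disable them.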

AWS IAM Identity Center (successor to AWS Single Sign-On)

Well Architected Framework Recommendation Mapping

Pricing

AWS IAM Identity Center (successor to AWS Single Sign-On) is a free AWS service that makes it easy to manage identities across multiple accounts.