latha koneru:
Hi, I am sorry if this is a basic question, but I can't understand what an IAM identity provider is. When to use it? Why use it when we have AWS Directory Service? I thought Active Directory is the identity provider. Can someone explain the basic difference between these two AWS services? Thank you.
Alistair Mackay:
IAM Identity Provider (IdP) is part of the built-in AWS single sign-on (https://aws.amazon.com/iam/identity-center), which uses IAM as the source of truth for user accounts.
You won’t use that if you federate Active Directory with AWS; then Active Directory takes over as the IdP. You can use the AWS managed Active Directory service, or an external corporate Active Directory. The latter is how many businesses set up their user authentication for AWS accounts.
An IdP is the single source of truth for all user accounts in a federated system.
latha koneru:
Oh OK, thank you for explaining.