AWS IAM Identity Center Provisioner

The AWS IAM Identity Center Provisioner allows PingFederate to integrate with Amazon’s AWS IAM Identity Center service for provisioning and single sign-on (SSO).

Features

Manages users in AWS IAM Identity Center based on changes in a datastore that is attached to PingFederate.
- Creates, updates, disables, and deletes users.
- Allows you to enable the create, update, disable, and delete capabilities independently.
- Allows you to provision disabled users.
- Allows you to choose whether to disable or delete users when deprovisioning.
Manages groups in AWS IAM Identity Center based on changes in an external data store that is attached to PingFederate.
- Creates and deletes groups.
- Updates group memberships.
Enables browser-based SSO initiated by the service provider (SP) or identity provider (IdP).
Pre-populates some connection settings with the included quick connection template.

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

AWS IAM Identity Center documentation:
PingFederate documentation:

System requirements

PingFederate 9.0 or later.
An AWS IAM Identity Center administrator account.
To allow PingFederate to make outbound connections to the AWS IAM Identity Center API, you might need to allow the following domain in your firewall:
- https://aws.amazon.com