---
title: AWS IAM Identity Center Provisioner
description: The AWS IAM Identity Center Provisioner allows PingFederate to integrate with Amazon's AWS IAM Identity Center service for provisioning and single sign-on (SSO).
component: amazon
page_id: amazon:aws_iam_identity_center_provisioner:pf_aws_singlesignon_connector
canonical_url: https://docs.pingidentity.com/integrations/amazon/aws_iam_identity_center_provisioner/pf_aws_singlesignon_connector.html
revdate: January 20, 2026
section_ids:
  features: Features
  intended-audience: Intended audience
  system-requirements: System requirements
---

# AWS IAM Identity Center Provisioner

The AWS IAM Identity Center Provisioner allows PingFederate to integrate with Amazon's AWS IAM Identity Center service for provisioning and single sign-on (SSO).

## Features

* Manages users in AWS IAM Identity Center based on changes in a datastore that is attached to PingFederate.

  * Creates, updates, disables, and deletes users.

  * Allows you to enable the create, update, disable, and delete capabilities independently.

  * Allows you to provision disabled users.

  * Allows you to choose whether to disable or delete users when deprovisioning.

* Manages groups in AWS IAM Identity Center based on changes in an external datastore that is attached to PingFederate.

  * Creates and deletes groups.

  * Updates group memberships.

* Enables browser-based SSO initiated by the service provider (SP) or identity provider (IdP).

* Pre-populates some connection settings with the included quick connection template.

## Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

* AWS IAM Identity Center documentation:

  * [What Is AWS Single Sign-On?](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)

  * [IAM Identity Center prerequisites and considerations](https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-center-prerequisites.html)

  * [Users, Groups, and Provisioning](https://docs.aws.amazon.com/singlesignon/latest/userguide/users-groups-provisioning.html)

  * [SCIM Profile and SAML 2.0 Implementation](https://docs.aws.amazon.com/singlesignon/latest/userguide/scim-profile-saml.html)

  * [Automatic Provisioning](https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-automatically.html)

  * [Using Ping Identity products with IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/pingidentity.html)

* PingFederate documentation:

  * [SP connection management](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_sp_connect_management.html)

  * [Identity provider SSO configuration](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_ident_provid_sso_config.html)

  * [Managing digital signing certificates and decryption keys](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_certmanagementtasklet_dsigsigningcert_certmanagementstate.html)

  * [Datastores](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_datastores.html)

  * [Configuring outbound provisioning](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_spconnectionconfigtasklet_saasprovisioningstate.html)

  * [Configuring outbound provisioning settings](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/help_protocolsettingstasklet_saasglobalprovisioningsettingsstate.html)

## System requirements

* PingFederate 9.0 or later.

* An AWS IAM Identity Center administrator account.

* To allow PingFederate to make outbound connections to the AWS IAM Identity Center API, you might need to allow the following domain in your firewall:

  * `https://aws.amazon.com`
