Set up single sign-on for IAM-based domains - Amazon SageMaker Unified Studio

Enable AWS IAM Identity Center single sign-on (SSO) for your IAM-based domain to onboard users from your corporate workforce. After you connect to IAM Identity Center, you can add SSO users and groups to projects so that they can collaborate on project data and resources.

You can set up IAM Identity Center integration from the Amazon SageMaker Unified Studio domain administration page. To complete this procedure, you must have domain administrator permissions.

Connecting to IAM Identity Center

Complete the following procedure to connect your IAM-based domain to an IAM Identity Center instance.

  1. From the domain administration page, choose Users in the left navigation pane.

  2. In the AWS IAM Identity Center connect section, review the connection status.

  3. Choose Connect.

  4. For the instance type, select one of the following options:

    • Organization instance (recommended) — Uses the organization-level IAM Identity Center instance.

    • Account instance — Uses an account-level IAM Identity Center instance.

  5. Review the user and group assignment setting. By default, assignments are set to Requires assignment, which means that users must be explicitly added to the domain before they can access it through SSO. To disable required assignments, use the API when you initially enable Identity Center.

  6. Choose Connect.

Viewing SSO connection details

After you connect to an IAM Identity Center instance, a View SSO connection button appears on the Users page. Choose this button to view the following connection details:

  • Instance type — The type of IAM Identity Center instance (organization or account).

  • User and group assignments — The current assignment setting for the connection.