{
	"id": "69f981ee-9691-4772-9761-f01f52e98ee7",
	"created_at": "2026-04-06T01:30:19.146636Z",
	"updated_at": "2026-04-10T03:20:59.909082Z",
	"deleted_at": null,
	"sha1_hash": "867580fd0239dca91145e600d761083c28fa4b30",
	"title": "Federation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31213,
	"plain_text": "Federation\r\nArchived: 2026-04-06 01:11:29 UTC\r\nAWS IAM Identity Center makes it easy to centrally manage federated access to multiple AWS accounts and\r\nbusiness applications and provide users with single sign-on access to all their assigned accounts and applications\r\nfrom one place. You can use AWS IAM Identity Center for identities in the AWS IAM Identity Center’s user\r\ndirectory, your existing corporate directory, or an external IdP.\r\nAWS IAM Identity Center works with an IdP of your choice, such as Okta Universal Directory or Azure Active\r\nDirectory (AD) via the Security Assertion Markup Language 2.0 (SAML 2.0) protocol. AWS IAM Identity Center\r\nseamlessly leverages IAM permissions and policies for federated users and roles to help you manage federated\r\naccess centrally across all AWS accounts in your AWS organization. With AWS IAM Identity Center, you can\r\nassign permissions based on the group membership in your IdP’s directory, and then control the access for your\r\nusers by simply modifying users and groups in the IdP. AWS IAM Identity Center also supports the System for\r\nCross-domain Identity Management (SCIM) standard for enabling automatic provisioning of users and groups\r\nfrom Azure AD or Okta Universal Directory to AWS. AWS IAM Identity Center makes it easy for you to\r\nimplement attribute-based access control (ABAC) by defining fine-grained permissions based on user attributes\r\ndefined in your SAML 2.0 IdP. AWS IAM Identity Center allows you to select your ABAC attributes from the\r\nuser information synchronized from the IdP via SCIM or pass multiple attributes, such as cost center, title, or\r\nlocale, as a part of a SAML 2.0 assertion. You can define permissions once for your entire AWS organization, and\r\nthen grant, revoke, or modify AWS access by simply changing the attributes in your IdP. 
With AWS IAM Identity\r\nCenter, you can also assign permissions based on the group membership in your IdP’s directory, and then control\r\nthe access for your users by simply modifying users and groups in the IdP.\r\nAWS IAM Identity Center can serve as an IdP to authenticate users to AWS IAM Identity Center integrated\r\napplications and SAML 2.0 compatible cloud-based applications, such as Salesforce, Box, and Microsoft 365,\r\nwith a directory of your choice. You can also use AWS IAM Identity Center to authenticate users to the AWS\r\nManagement Console, AWS Console Mobile Application, and AWS Command Line Interface (CLI). For your\r\nidentity source, you can choose Microsoft Active Directory or AWS IAM Identity Center’s user directory.\r\nTo learn more, see the AWS IAM Identity Center User Guide, visit AWS IAM Identity Center Getting Started, and\r\nexplore the following additional resources:\r\nBlog post: AWS IAM Identity Center between Okta Universal Directory and AWS\r\nBlog post: The Next Evolution in AWS IAM Identity Center\r\nSource: https://aws.amazon.com/identity/federation/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://aws.amazon.com/identity/federation/"
	],
	"report_names": [
		"federation"
	],
	"threat_actors": [],
	"ts_created_at": 1775439019,
	"ts_updated_at": 1775791259,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/867580fd0239dca91145e600d761083c28fa4b30.pdf",
		"text": "https://archive.orkl.eu/867580fd0239dca91145e600d761083c28fa4b30.txt",
		"img": "https://archive.orkl.eu/867580fd0239dca91145e600d761083c28fa4b30.jpg"
	}
}