Integrating AWS Identity Center with the Delinea Platform (PCCE)

AWS IAM Identity Center is a secure authentication service that lets users log in to multiple websites and applications after authenticating once (single sign-on).

If you use AWS Identity Center, integrating it with the Delinea Platform provides visibility into the permissions granted through Identity Center and enables the identification of over-privileged users. The integration requires a separate set of permissions from the standard AWS integration.

If your organization uses AWS Identity Center, you can integrate it in either of these ways:

  • During the CloudFormation template integration. When you run the AWS integration (Individual AWS Integration or Multiple AWS Integration), the Delinea Platform gives you the option to add Identity Center as well. You can follow that procedure again at any time.

  • Using the procedure below.

  • When you integrate Identity Center using the CloudFormation options, the following extra permissions are granted to the integration role:

    • AWSSSOReadOnly

    • AWSSSODirectoryReadOnly

  • To integrate AWS Identity Center yourself, do one of the following:

    • Add the above permissions to the role created for the Delinea integration.

    • Otherwise, point the integration to the master (management) AWS account so that the Delinea Platform can gather the data from Identity Center.
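The following CloudFormation fragment is an added illustration, not a template from Delinea or from this page: it shows an integration role that carries exactly the two AWS managed read-only policies named above. The role name, the `DelineaAccountId` and `ExternalId` parameters, and the trust-policy shape are assumptions; if the role from the standard AWS integration already exists, only the `ManagedPolicyArns` entries need to be added to it.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Illustrative stack: IAM role for the Delinea Platform integration with the
  two read-only Identity Center policies attached. Deploy it in the account
  where IAM Identity Center is enabled (the master/management account).

Parameters:
  DelineaAccountId:
    Type: String
    Description: Placeholder; AWS account ID the Delinea Platform assumes the role from.
    AllowedPattern: "^[0-9]{12}$"
  ExternalId:
    Type: String
    NoEcho: true
    Description: Placeholder; shared secret presented when the role is assumed.
    MinLength: 8

Resources:
  DelineaIdentityCenterRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: DelineaPlatformIdentityCenterRole   # hypothetical name
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${DelineaAccountId}:root"
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                # Assumed: an external ID limits who can assume the role.
                sts:ExternalId: !Ref ExternalId
      # Only the two read-only policies the integration needs; no write access.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSSSOReadOnly
        - arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly

Outputs:
  RoleArn:
    Description: Role ARN to register in the Delinea Platform.
    Value: !GetAtt DelineaIdentityCenterRole.Arn
```

After deployment, confirming that the role lists only these two managed policies is a quick least-privilege check before registering it in the platform.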