AWS IAM Identity Center allows programmatic account access for customer apps
AWS IAM Identity Center now enables customer-managed applications to programmatically access AWS accounts on behalf of users: discovering the accounts and roles assigned to a user, and retrieving temporary credentials for them. By configuring an external identity provider (IdP) as a trusted token issuer, this integration eliminates redundant sign-ins for users accessing AWS resources. The feature is available for organization instances, requires explicit enablement by administrators, and is offered in all commercial and specialized AWS Regions.
- Programmatic AWS account access for customer-managed applications
IAM Identity Center now supports programmatic AWS account access for customer-managed applications. This allows these applications to discover assigned accounts and roles, and retrieve temporary credentials for users authenticated via an external identity provider. This integration eliminates redundant user sign-ins when accessing AWS resources.
- Feature availability and configuration
This feature is available for organization instances of IAM Identity Center and requires explicit enablement by administrators for each customer-managed application. This centralized governance gives administrators control over which applications can access account-level resources. It is available in all commercial AWS Regions, AWS GovCloud (US) Regions, and China Regions.
https://aws.amazon.com/about-aws/whats-new/2026/06/aws-iam-identity-center-account-access-customer-managed-apps/