Federated Identity Management

aws/security aws/iam aws/concept

💡 Definition

Federated Identity Management is a system that allows users to access resources (like AWS accounts and applications) from multiple, independent identity management systems using a single set of credentials. Instead of AWS maintaining a separate user directory, it trusts an external identity provider (IdP) to authenticate users.

🔑 Key Concepts

⚙️ How it Works

  1. User Authenticates: A user logs into their corporate network or a social IdP.
  2. IdP Asserts Identity: The IdP asserts the user's identity and attributes (e.g., department, group membership) to AWS.
  3. AWS Grants Access: AWS maps the asserted identity to a pre-configured IAM Role in the AWS account.
  4. Temporary Credentials: The user assumes the IAM Role and receives temporary credentials, which can then be used to access AWS resources.
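As an added example that is not part of this note, the Python below models step 3: the check STS performs on a role's trust policy before a SAML-asserted identity may take the role. The account id, IdP name, role name and assertion attribute are constructed placeholders.

```python
# Added example (not the note's own code); account id, IdP and role names are placeholders.
ACCOUNT = "123456789012"
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT}:saml-provider/CorpIdP"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/FederatedReadOnly"
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Trust policy on the role: only assertions from CorpIdP that are addressed to AWS.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
    }],
}

# Constructed stand-in for the Role attribute of a SAML assertion: "<role-arn>,<provider-arn>" pairs.
SAML_ROLE_ATTRIBUTE = [f"{ROLE_ARN},{PROVIDER_ARN}"]


def parse_role_attribute(values):
    """Split each 'role-arn,provider-arn' value into a (role, provider) tuple."""
    return [tuple(part.strip() for part in value.split(",", 1)) for value in values]


def trust_policy_allows(policy, provider_arn, audience):
    """True if some Allow statement lets provider_arn assume the role via SAML."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal", {}).get("Federated") != provider_arn:
            continue  # signed by an IdP this role does not trust
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithSAML" not in actions:
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if wanted is not None and wanted != audience:
            continue  # assertion was issued for a different relying party
        return True
    return False


def roles_user_may_assume(policy, role_attribute, audience=AWS_SAML_AUDIENCE):
    """Roles named in the assertion whose trust policy accepts the asserting IdP."""
    return [role for role, provider in parse_role_attribute(role_attribute)
            if trust_policy_allows(policy, provider, audience)]
```

An assertion from an IdP the role does not trust, or one minted for a different audience, maps to no role at all; the temporary credentials of step 4 are only issued for roles that pass this check.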

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)

See Also:
  * IAM
  * AWS SSO
  * IAM Role
  * IAM User