AWS IAM Identity Center helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. Britive manages access to AWS accounts and applications by providing just-in-time (JIT) access and visibility into existing assignments made in Identity Center.
This document explains how to onboard the AWS Identity Center application to Britive.
Once you have configured the Britive Identity Provider and an IAM role for the management AWS account, you can add the AWS Identity Center application in Britive and proceed with the onboarding steps.
After onboarding, you can scan the application from Britive to get the details (such as permissions, groups, and accounts) associated with it. You can also check out and check in profiles from the onboarded AWS Identity Center application.
The following profiles can be created:
Group and application profiles: When creating a profile, if a group or application is added as a permission, it cannot be combined with a permission set. The association for such profiles should always be at the root level.
Permission set profiles: When a permission set is added to a profile, it cannot be combined with a group or an application. The association can be scoped to a root, OU, or individual AWS account.
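
The two profile rules above can be checked against planned profile definitions before they are created. The following Python check is an added example, not Britive's code or API; the dictionary layout (`permissions`, `associations`, `type`) and the sample profiles are assumptions constructed for illustration.

```python
# Added example: lint profile definitions against the two profile rules above.
# The dict layout is assumed for illustration; it is not Britive's API or
# export format.

PRINCIPAL_TYPES = {"group", "application"}   # cannot mix with permission sets
SCOPE_TYPES = {"root", "ou", "account"}      # association levels named on the page


def lint_profile(profile):
    """Return a list of rule violations for one profile definition."""
    problems = []
    perm_types = {p["type"] for p in profile.get("permissions", [])}
    scope_types = {a["type"] for a in profile.get("associations", [])}

    unknown = perm_types - PRINCIPAL_TYPES - {"permission_set"}
    if unknown:
        problems.append(f"unknown permission type(s): {sorted(unknown)}")
    if scope_types - SCOPE_TYPES:
        problems.append(
            f"unknown association type(s): {sorted(scope_types - SCOPE_TYPES)}")

    has_principal = bool(perm_types & PRINCIPAL_TYPES)
    if has_principal and "permission_set" in perm_types:
        problems.append("group/application mixed with a permission set")
    # Group and application profiles may only be associated at the root;
    # permission set profiles may use root, OU, or account scope.
    if has_principal and scope_types - {"root"}:
        problems.append("group/application profile must be associated at root only")
    return problems


def lint_all(profiles):
    """Map profile name -> violations, listing only profiles that fail."""
    results = {name: lint_profile(p) for name, p in profiles.items()}
    return {name: probs for name, probs in results.items() if probs}


# Constructed sample definitions (hypothetical names).
SAMPLE_PROFILES = {
    "admins-group": {"permissions": [{"type": "group"}],
                     "associations": [{"type": "root"}]},
    "mixed": {"permissions": [{"type": "group"}, {"type": "permission_set"}],
              "associations": [{"type": "root"}]},
    "app-on-ou": {"permissions": [{"type": "application"}],
                  "associations": [{"type": "ou"}]},
    "readonly-scoped": {"permissions": [{"type": "permission_set"}],
                        "associations": [{"type": "ou"}, {"type": "account"}]},
}

if __name__ == "__main__":
    for name, probs in lint_all(SAMPLE_PROFILES).items():
        print(name, "->", "; ".join(probs))
```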