How to switch between Active Directory and External IdP (or vice versa) in AWS IAM Identity Center with Automation
Migration and Modernization Blog
This article provides a solution for organizations looking to switch between Microsoft Active Directory (AD) and an external Identity Provider (IdP) in AWS IAM Identity Center. It outlines the considerations for changing the identity source and presents a Python script to automate the process.
Specifically, the article covers:
- Solution overview and prerequisites
- Step-by-step deployment instructions for the Python script
- Backing up users, groups, and assignments before switching identity sources
- Changing the identity source in IAM Identity Center
- Provisioning new users and groups after the identity source switch
- Recreating permission set assignments using the script
- Conclusion emphasizing the benefits of automating the identity source switch process