
How OCC and AWS Architected Enterprise-Scale Identity Governance for Critical Financial Infrastructure

Industries Blog



This article details how the Options Clearing Corporation (OCC), a systemically important financial market utility, partnered with AWS to modernize identity governance using AWS IAM Identity Center, replacing complex per-account access controls with a centralized, role-based framework.

  • OCC faced governance bottlenecks managing hundreds of individual IAM roles across a growing AWS footprint
  • Previous per-account model created fragmented access, redundant entitlements, and complex onboarding processes
  • AWS IAM Identity Center provided centralized identity management with consistent permission sets across accounts
  • Infrastructure as Code with Terraform enabled version-controlled, auditable access definitions
  • SCIM v2.0 integration automated user lifecycle management from the existing identity provider
  • Phased migration started with view-only roles, then parallel deployment, consolidation, and validation
  • Access provisioning time reduced from weeks to days; entitlement complexity significantly decreased
  • Unified audit trails improved compliance reporting and security incident investigation
  • Single sign-on enhanced user experience while maintaining comprehensive governance controls
  • Future IAM Access Analyzer deployment will enable continuous least-privilege monitoring and unused access detection

OCC's implementation demonstrates that simplifying identity governance through centralization and standardization strengthens security while reducing operational complexity, providing a blueprint for critical financial infrastructure modernization.


