Process of Granting and Revoking Access to AWS

aws · architecture diagram.

About This Architecture

Access grant and revocation workflow integrating Microsoft Entra ID, SCIM provisioning, and AWS IAM Identity Center with SSO and MFA. New employees are added to Entra ID groups, synchronized via SCIM to AWS IAM Identity Center where Permission Sets are assigned, then authenticate through SSO plus MFA to gain AWS account access. Role changes or departures trigger the reverse flow: group removal in Entra ID, SCIM synchronization, Permission Set revocation in IAM Identity Center, and immediate AWS access loss. This architecture demonstrates zero-trust identity governance, automating access lifecycle management and reducing manual provisioning errors. Fork this diagram on Diagrams.so to customize for your organization's Entra ID tenant, SCIM connector, and AWS organizational structure.

People also ask

How do I automate AWS access provisioning and deprovisioning using Microsoft Entra ID and IAM Identity Center?

This diagram shows a complete access lifecycle: new employees added to Entra ID groups trigger SCIM synchronization to AWS IAM Identity Center, where Permission Sets grant AWS account access via SSO and MFA. Role changes or departures reverse the flow, revoking access instantly through group removal and Permission Set deassignment.


Tags: AWS, intermediate, AWS IAM Identity Center, Microsoft Entra ID, SCIM provisioning, federated identity, access management, SSO MFA

Domain: Cloud AWS

Audience: AWS identity and access management architects implementing federated access with Microsoft Entra ID

Created by

March 15, 2026

Updated

March 16, 2026 at 7:52 PM

Type

architecture
