Process for Granting and Revoking Access to AWS
About This Architecture
Access grant and revocation workflow integrating Microsoft Entra ID, SCIM provisioning, and AWS IAM Identity Center with SSO and MFA. New employees are added to Entra ID groups, synchronized via SCIM to AWS IAM Identity Center where Permission Sets are assigned, then authenticate through SSO plus MFA to gain AWS account access. Role changes or departures trigger the reverse flow: group removal in Entra ID, SCIM synchronization, Permission Set revocation in IAM Identity Center, and immediate AWS access loss. This architecture demonstrates zero-trust identity governance, automating access lifecycle management and reducing manual provisioning errors. Fork this diagram on Diagrams.so to customize for your organization's Entra ID tenant, SCIM connector, and AWS organizational structure.
People also ask
How do I automate AWS access provisioning and deprovisioning using Microsoft Entra ID and IAM Identity Center?
This diagram shows a complete access lifecycle: new employees added to Entra ID groups trigger SCIM synchronization to AWS IAM Identity Center, where Permission Sets grant AWS account access via SSO and MFA. Role changes or departures reverse the flow, revoking access instantly through group removal and Permission Set deassignment.
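The grant and revoke flow described above can be modelled as a reconciliation between desired state (Entra ID group membership) and actual state (IAM Identity Center account assignments). The following is an added example, not code from Diagrams.so or the diagram's author; the group names, account IDs, permission set names and user names are constructed, and the group-to-permission-set mapping is a hypothetical one. It also shows the check a practitioner wants after a departure: any assignment that is no longer backed by a group is stale access that a lagging or failed SCIM sync would leave behind.

```python
"""Reconcile Entra ID groups against IAM Identity Center assignments (constructed example)."""
from dataclasses import dataclass

# Hypothetical mapping maintained by the identity team:
# Entra ID group -> (AWS account ID, Permission Set name). All values constructed.
GROUP_TO_PERMISSION_SET = {
    "aws-prod-readonly": ("111111111111", "ReadOnlyAccess"),
    "aws-prod-admin": ("111111111111", "AdministratorAccess"),
    "aws-dev-poweruser": ("222222222222", "PowerUserAccess"),
}


@dataclass(frozen=True)
class Assignment:
    """One IAM Identity Center account assignment for a user."""
    user: str
    account_id: str
    permission_set: str


def desired_assignments(group_members: dict[str, set[str]]) -> set[Assignment]:
    """Desired state: every member of a mapped Entra ID group gets that group's Permission Set.
    Groups without a mapping are ignored, so an unmapped group can never grant AWS access."""
    desired: set[Assignment] = set()
    for group, members in group_members.items():
        target = GROUP_TO_PERMISSION_SET.get(group)
        if target is None:
            continue
        account_id, permission_set = target
        desired.update(Assignment(user, account_id, permission_set) for user in members)
    return desired


def reconcile(group_members: dict[str, set[str]],
              current: set[Assignment]) -> tuple[set[Assignment], set[Assignment]]:
    """Return (to_grant, to_revoke): what a SCIM-driven sync must add and remove.
    Anything in to_revoke after a sync has completed is stale access worth alerting on."""
    desired = desired_assignments(group_members)
    return desired - current, current - desired


def offboard(group_members: dict[str, set[str]], user: str) -> dict[str, set[str]]:
    """Model a departure: remove the user from every Entra ID group (reverse flow in the diagram)."""
    return {group: members - {user} for group, members in group_members.items()}


def stale_assignments(group_members: dict[str, set[str]],
                      current: set[Assignment]) -> set[Assignment]:
    """Drift check: assignments that exist in IAM Identity Center with no backing group."""
    return reconcile(group_members, current)[1]
```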
- Domain: Cloud AWS
- Audience: AWS identity and access management architects implementing federated access with Microsoft Entra ID
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.