Skip to main content

Supported Features

Account Creation Account Deletion

Prerequisites

Step 1: Creating a Policy for Integration

  1. Go to Identity and Access Management (IAM), and click [Create policy] from Policies in the left menu. For details, refer to Creating IAM policies (external site).
IAM policy screen
  1. On the Create policy screen, click the JSON tab and overwrite with the following script.
Policy JSON edit screen
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "identitystore:ListGroupMemberships",
                "sso:ListAccountAssignmentsForPrincipal",
                "organizations:ListAccounts",
                "sso:ListPermissionSets",
                "identitystore:ListUsers",
                "sso:ListInstances",
                "identitystore:ListGroups",
                "sso:DescribePermissionSet"
            ],
            "Resource": "*"
        }
    ]
}
  1. Enter a name of your choice and click [Create policy] to save. (No other fields are required.)
Policy creation complete

Step 2: Creating a Role for Integration

  1. Go to Identity and Access Management (IAM), and click Roles > Create role from the left menu.
Role creation screen
  1. On the Select trusted entity screen, enter the following values. When finished, click [Next].
  • Trusted entity type: Select AWS account
  • AWS account: Select Another AWS account and enter 162001151631 as the account ID.
  • Check Require an external ID (Best practice when a third party will assume this role)
  • For External ID, enter a random alphanumeric string (no symbols, 24+ characters recommended).
  • Uncheck Require MFA.
  • To add or remove users in Admina, grant these permissions to the role.
Role settings screen
  1. Select the policy created in Step 1, then click Next.
Policy selection screen
  1. Set any role name and click [Create role]. (No other fields need to be edited.)
Role name settings screen

Setting Permissions to Create and Delete Customer-Managed Policies

To add or remove users in Admina, grant the following permissions to the role. For details, also refer to Controlling access to policies for creating, updating, and deleting customer-managed policies (external site).
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "identitystore:CreateUser", 
                "identitystore:DeleteUser", 
                "identitystore:CreateGroupMembership" 
            ],
            "Resource": "*"
        }
    ]
}

Step 3: Confirming the Role ARN

  1. Search for and open the role you created on the Roles screen.
  2. The Role ARN will be displayed. Copy and save it.
Role ARN confirmation screen

Step 4: Confirming the Region and Workspace Key

Go to IAM Identity Center > Settings and copy and save the Region and Identity store ID. IAM Identity Center settings screen

Integration Setup

  1. In Admina, go to Integrations > Integrations and search for AWS IAM Identity Center.
Admina integration screen
  1. Enter the workspace key, region, Role ARN, and the external ID set during role creation obtained in the previous steps, then click Connect.
Integration details input screen
  1. Once the integration with AWS IAM Identity Center is successful, registered user information will appear in the account list.
If it does not complete successfully, click Edit from the Status tab on the integrations screen and try again. If the issue persists, please contact us via chat. For an overview of the AWS IAM Identity Center integration, see the integration page.

Manual Account Matching for SaaS Services Where Email Address Cannot Be Retrieved

Because email addresses cannot be retrieved for this service, user types are identified as “Unknown ID” in Directory > ID type. If needed, manually match (merge) accounts with other accounts. For configuration details, please contact us.
Last modified on June 18, 2026