# IAM vs IAM Identity Center

| Feature                        | **IAM (Identity and Access Management)**              | **IAM Identity Center (formerly AWS SSO)**                                |
| ------------------------------ | ----------------------------------------------------- | ------------------------------------------------------------------------- |
| 🎯 **Purpose**                 | Manage individual **users, groups, and roles** in AWS | Manage **federated access** for workforce users (SSO)                     |
| 👥 **User Management**         | Local IAM users (manually created)                    | Centralized identity source (can connect to Active Directory, Okta, etc.) |
| 🔐 **Access Type**             | API access, CLI, and console via IAM credentials      | SSO access to AWS accounts, applications, and CLI                         |
| 🏢 **Use Case**                | Programmatic users, services, automation roles        | Enterprise login for employees across accounts                            |
| 📂 **Access Across Accounts**  | Use roles with AssumeRole manually                    | Seamless multi-account access with permission sets                        |
| 🧱 **Scalability**             | Good for small-scale setups                           | Designed for enterprise and multi-account setups                          |
| 🔄 **Password Reset/Recovery** | You manage it manually                                | Users can reset via Identity Center (like Okta/Google)                    |
| 📦 **Integration**             | AWS native services                                   | AWS + SaaS + Microsoft 365 + custom apps                                  |
| 🔐 **MFA Support**             | You configure it yourself                             | Built-in MFA (SMS, Authenticator apps, etc.)                              |