With AWS SSO you can create flexible permissions, aligned with your roles or projects, to assign users and groups access centrally across all your AWS Organizations accounts. AWS SSO centrally configures and maintains all the permissions in your accounts automatically, without requiring additional setup in individual accounts. With the new release, you can connect Azure AD using the Security Assertion Markup Language (SAML) 2.0 standard, use AWS SSO to manage access centrally to your AWS accounts, and your users can sign in with their Office 365 sign-in experience. Customers can also provision Azure AD users and groups into AWS SSO automatically with the standard protocol System for Cross-domain Identity Management (SCIM). For example, if you granted an Azure AD group permissions to manage EC2 instances and later removed someone from the group, that person loses the permission to manage EC2 instances, automatically. We are actively working with AWS Partner Network members including Okta, OneLogin, and Ping Identity to enable interoperability for their identity providers.