Log in one time and connect to AWS & many other services.

Can create users or pull them from service providers (Identity source AD,OKTA )

Permissions management:

using Permissions Sets that is associated with an OU. use ABAC to fine grained permissions