# Integrated identity partners The M&G Guide recommends you consider at a minimum the following questions when choosing an AWS Partner solution for identity management: + Does it integrate with a single sign-on provider such as AWS SSO? + Does it support the System for Cross-domain Identity Management (SCIM) v2.0 standard for automating the exchange of user identity information? + Does it support federated user and group mapping? + Does it include a method for managing predefined permissions at scale such as AWS permission sets in IAM Identity Center? Optimize identity management in a multi-account environment with a simplified single sign-on experience, user provisioning, and password management for your AWS environments. The following integrated identity AWS Partners have provided integrations that align to the M&G Guide, and are available for deployment from AWS Marketplace. [CyberArk](https://aws.amazon.com/marketplace/solutions/control-tower/identity-management/#CyberArk) helps organizations secure access to critical business applications and infrastructure, protect a distributed workforce, and accelerate business in the cloud. With CyberArk Identity Security Platform, enterprises can streamline access provisioning to AWS and give workers secure and frictionless access to all authorized AWS resources from any location, using any device. In addition to centralized management of end-user access to AWS environments, CyberArk provides comprehensive auditing and reporting capabilities to simplify access compliance. [Kion](https://aws.amazon.com/marketplace/solutions/control-tower/cost-management-and-governance/#cloudtamer.io) is a comprehensive enablement software solution that delivers visibility and control of cloud workloads. [Kion](https://aws.amazon.com/marketplace/solutions/control-tower/cost-management-and-governance/#cloudtamer.io) provides integrations with identity providers to allow control over cloud federation and policy controls at an account and an organization level. [Kion](https://aws.amazon.com/marketplace/solutions/control-tower/cost-management-and-governance/#cloudtamer.io) allows enterprises to manage their cloud presence at scale with automation and orchestration, financial management, and compliance. [Okta](https://aws.amazon.com/marketplace/solutions/control-tower/identity-management/#Okta) enables teams to securely and seamlessly manage AWS IAM Identity Center (IAM Identity Center) entitlements at scale. After connecting Okta Identity Cloud to IAM Identity Center once, you can manage access to AWS centrally in IAM Identity Center, and enable end users to sign in using Okta to access all their assigned AWS accounts through AWS Organizations. This includes centralized reporting and auditing of end-user access across all apps and systems. [OneLogin](https://aws.amazon.com/marketplace/solutions/control-tower/identity-management/#OneLogin) cloud-based identity and access management enables IT teams to manage and provision access to AWS resources centrally. Whether you’re newly migrating to AWS or an enterprise user, integrating Control Tower with OneLogin helps ensure you can easily and securely scale your enterprise-wide environments and IAM permissions. [Ping Identity's](https://aws.amazon.com/marketplace/solutions/control-tower/identity-management/#PingIdentity) PingOne Cloud Platform solution provides central authentication services to connect employees across any application, directory, and situation. By providing authentication for all end users and identities in customer environments, Ping can reduce authentication silos, and help your business increase agility. The result is a centrally-managed authentication hub that provides a highly-configurable, secure, and consistent experience for your workforce. [Sonrai Dig](https://aws.amazon.com/marketplace/solutions/control-tower/security/#Sonrai_Security) is an enterprise cloud security platform providing complete visibility across all multi-account AWS environments. Using Dig’s Cloud Identity Entitlement Management (CIEM) capabilities, you can continually inventory your identities (people and non-people), compute their effective (end-to-end) permissions, enforce least privilege, and alert on any deviations as soon as they are detected.