Typically, establishing robust Identity Lifecycle Management is often considered very late in the development life cycle by organizations offering SaaS applications on a global basis. For example, how do you keep track of active users within your customers' organizations? This can leave you in a situation where an employee having access to your application leaves the customer organization, located in a different time zone. Often it is easiest, from a account management perspective, to have a feature within your SaaS application to create an application administrator role per customer who, in turn, is responsible for managing users within their respective organizations.

AWS Directory Services can help reduce the complexity of managing groups of users. These groups can be mapped to IAM roles for appropriate access to AWS APIs. Organizations can also choose to extend their on-premises directory services to the AWS cloud using Direct Connect.