Hi! I’m Girish, an AWS Community Builder and Cloud Tech Enthusiast with expertise in delivering customer-focused, business-impacting cloud transformation programs of high complexity.
In my previous article, I shared how I used AWS Kiro’s vibe coding feature to build a Customer Lookup API powered by Amazon API Gateway, AWS Lambda, Amazon DynamoDB, and AWS SAM.
In another article, I explored Kiro hooks using a simple HelloWorld Python program. I demonstrated how hooks can automatically update a README.md file whenever the Python code is modified.
There is so much more you can do with Kiro. However, first things first, you need to log in to Kiro to start building creative, GenAI-assisted solutions.
Kiro provides multiple ways to log in and set up a subscription:
- Log in / subscribe using Google
- Log in / subscribe using GitHub
- Log in / subscribe using AWS Builder ID
- Log in / subscribe using your organization’s Single Sign-On (SSO)
The first three options are individual subscription models. This means you sign up independently and pay monthly based on the plan you select.
The Organization Single Sign-On option is designed for team-based access. In this model, your account is provisioned by your cloud administrator, and you are provided with a dedicated login URL. This enables centralized access management and consolidated billing.
In this article, I will walk you through the step-by-step process of configuring Kiro using a Team subscription, enabled through AWS IAM Identity Center.
What Is an Organization (Team / Enterprise) Subscription?
This option is used when your company centrally manages access using AWS IAM Identity Center. In this model:
- Kiro subscriptions are managed at the organizational level
- Users and groups are provisioned in advance
- You must sign in using a company-specific URL
What Is AWS IAM Identity Center?
AWS IAM Identity Center is a centralized identity management service that enables organizations to manage workforce access to AWS accounts and cloud applications.
It allows administrators to:
- Create or connect user identities
- Organize users into groups
- Assign permissions across multiple AWS accounts
- Enable Single Sign-On (SSO) for supported applications
In the context of Kiro, AWS IAM Identity Center enables secure, centralized access management and subscription control for teams and enterprises.
Individual vs Team / Organization Subscription
Architecture/Design
At a high level, the architecture/Flow diagram as below:
AWS IAM Identity Center --> Kiro Team Subscription --> Kiro Login using org SSO
Step-by-Step: Configuring Kiro Team Subscription
Step 1: Enable IAM Identity Center
Search for IAM Identity Center
In the AWS Management Console, type IAM Identity Center and open the service.
Enable Identity Center
Click Enable to activate IAM Identity Center.
- Choose a Region
- Select the AWS region where Identity Center will be managed.
Step 2: Create a Group for Kiro Users
- Navigate to Groups
- Click Create group
- Enter group name:
I will name it as kiro_dev_group
Step 3: Create a User and Assign to the Group
Create the User
Go to Users → Add user
Enter Username, Email, First & Last Name
- Assign User to Group
- Assign to kiro_dev_group
Review and Create
- Confirm details and create the user
- Review confirmation message
Step 4: Review Email and Complete User Setup
Check Invitation Email
Set Password and Configure MFA
Click the email link, set password, and configure MFA
✅ User and group setup complete
Step 5: Enable Kiro Subscription
Navigate to the Kiro Subscription Page
Open the Kiro admin or subscription page.
Review Pricing and Select Plan
For this walkthrough:
Select Pro (or Enterprise based on your org)
Enable Kiro
Activate Kiro for your organization.
Step 6: Assign Users or Groups to Kiro
Instead of individual users, assign the group.
- Click Add users or groups
- Select the subscription plan
- Choose: kiro_dev_group
- Assign the group
Step 7: Review Organization Sign-In URL
After configuration, note the IAM Identity Center sign-in URL:
https://xxxxxxxxxx.awsapps.com/start
Step 8: Sign In to Kiro Using Organization Login
Open Kiro IDE
On the login screen:
- Select Sign in with your organization
Enter Organization URL
Paste your Identity Center URL and continue.
Confirm Access
Authenticate using:
- IAM Identity Center credentials
- MFA (if prompted)
You are logged in and now part of the Kiro Enterprise Plan
Conclusion
In this article, I demonstrated how using AWS IAM Identity Center with Kiro enables secure, centralized team subscriptions, providing scalable access management for your organization. This setup shifts the burden of individual account management away from developers and IT, allowing teams to focus on building, collaborating, and delivering high-value solutions.
Whether you’re provisioning users, organizing groups, assigning subscriptions, or configuring MFA, IAM Identity Center acts as your enterprise-grade access manager, ensuring every team member has the right permissions without manual overhead.
By starting with a single group and gradually scaling to include multiple teams and subscription plans, you can establish a streamlined environment where onboarding, access control, and billing are automated and consistent across your organization.
Experiment with these steps and see how Kiro, combined with IAM Identity Center, transforms team development workflows and simplifies GenAI-assisted coding at scale.
Generative AI is transforming the way development happens, and tools like Kiro make this process faster and more collaborative. While managing multiple users and subscriptions may seem complex, IAM Identity Center provides the governance and security your organization needs.
I believe this is just the beginning, and these tools will continue to evolve rapidly!
Thanks for reading, and I hope you found this walkthrough insightful.
Watch the video here:
Thanks,
𝒢𝒾𝓇𝒾𝓈𝒽 ℬ𝒽𝒶𝓉𝒾𝒶
𝘈𝘞𝘚 𝘊𝘦𝘳𝘵𝘪𝘧𝘪𝘦𝘥 𝘚𝘰𝘭𝘶𝘵𝘪𝘰𝘯 𝘈𝘳𝘤𝘩𝘪𝘵𝘦𝘤𝘵
𝘈𝘞𝘚 𝘊𝘦𝘳𝘵𝘪𝘧𝘪𝘦𝘥 𝘋𝘦𝘷𝘦𝘭𝘰𝘱𝘦𝘳 𝘈𝘴𝘴𝘰𝘤𝘪𝘢𝘵𝘦
𝘈𝘞𝘚 𝘊𝘦𝘳𝘵𝘪𝘧𝘪𝘦𝘥 𝘎𝘦𝘯𝘈𝘐 𝘗𝘳𝘢𝘤𝘵𝘪𝘵𝘪𝘰𝘯𝘦𝘳
𝘈𝘞𝘚 𝘊𝘭𝘰𝘶𝘥 𝘛𝘦𝘤𝘩𝘯𝘰𝘭𝘰𝘨𝘺 𝘌𝘯𝘵𝘩𝘶𝘴𝘪𝘢𝘴𝘵
Top comments (2)
Hi Girish. thanks for the post. I am the product manager with Kiro and just wanted to point out that on Feb 12th we also introduced external IdP as an alternative mechanism for teams to onboard to Kiro. Probably worth updating the blog post to reflect this. Please find the announcement here: kiro.dev/blog/enterprise-identity-...
Thanks Nima. I will review and update in coming days!! Kiro keeps getting better!!