Today, AWS Control Tower announced additional landing zone flexibility. Customers can now select whether AWS Control Tower sets up AWS account access with AWS IAM Identity Center (successor to AWS Single Sign-On), or they can self-manage AWS account access with AWS IAM Identity Center or use another method. AWS Control Tower continues to deliver an opinionated configuration following AWS best practices, while recognizing that some customers have existing configurations or bespoke business needs that require deviation from AWS Control Tower’s standard configuration. Customers can opt into Control Tower governed IAM Identity Center directory groups and permissions sets at any time.
Source:: Amazon AWS