The Problem
If you are following my advice, you have an organization set up and a few (or more) accounts. But each account requires access. Have you been resetting the root password each time and setting up MFA? You should not be using the root account anyway; instead, you should be enabling IAM access for billing and using IAM users (or roles, as one is created for you when you create an account in the organization [but not when you invite existing accounts!]). So how are you doing it? Four different IAM users with Admin, one per account, each with its own MFA token, on top of the four root users with their MFA tokens? That is eight logins already, and obviously you need some redundancy, so two or three people have access to the root user and the MFA, even if everyone has their own IAM user. If one of them leaves, rotation is mandatory. What a pain. There has to be a better way. And there is.
What Is Federated Login?
Basically, someone else is going to handle the authentication and authorization to one or more services. The service still defines the permissions, but nothing else. This is commonly referred to as Single Sign-on (SSO). In AWS, you create an IAM role (instead of an IAM user) with the set of permissions appropriate for the role. A role could be "Administrator" and the permissions would be "everything", but you could also have a role "Finance" which only has the ability to look at billing-related data, but not customer records or databases. This role would then trust some other 3rd party entity via some mechanism such that when the 3rd party says "hey, Bob authenticated to me and is authorized to have the Finance role, so please give him a session," AWS will do the needful.
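For SAML federation, that "mechanism" is the role's trust policy: it names the IdP's SAML provider as a Federated principal, allows sts:AssumeRoleWithSAML, and pins the SAML:aud condition to the AWS sign-in endpoint. The check below is an added example, not code from this post or from AWS; the account ID, the provider name "JumpCloud", the user "bob", and the function names are constructed for illustration.

```python
import re

SAML_AUD = "https://signin.aws.amazon.com/saml"  # AWS console SAML endpoint
PROVIDER_ARN = re.compile(r"^arn:aws:iam::\d{12}:saml-provider/[\w+=,.@-]+$")
ALLOWED_ACTIONS = {"sts:AssumeRoleWithSAML", "sts:TagSession"}


def as_list(value):
    """IAM lets most fields be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_saml_trust(policy):
    """Return findings for a role trust policy document (empty list = OK)."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or not isinstance(principal, dict):
            findings.append(f"statement {i}: wildcard principal")
            continue
        for kind in principal:
            if kind != "Federated":
                findings.append(f"statement {i}: non-federated principal type {kind}")
        for arn in as_list(principal.get("Federated", [])):
            if not PROVIDER_ARN.match(arn):
                findings.append(f"statement {i}: not a SAML provider ARN: {arn}")
        for action in as_list(stmt.get("Action", [])):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud is None or as_list(aud) != [SAML_AUD]:
            findings.append(f"statement {i}: SAML:aud not pinned to {SAML_AUD}")
    return findings


# Constructed sample: the "Finance" role trusting a SAML provider named JumpCloud.
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/JumpCloud"},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": SAML_AUD}}}]}

# Constructed sample: same role, but trusting an IAM user with no audience check.
BAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/bob"},
    "Action": "sts:AssumeRole"}]}
```

Calling audit_saml_trust(GOOD) returns an empty list, while audit_saml_trust(BAD) reports the IAM-user principal, the non-SAML action, and the missing SAML:aud condition.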
What Is AWS Identity Center (Formerly AWS SSO)?
This service acts as the bridge between your AWS organization and your IdP (Identity Provider, the "someone else" mentioned above). This service manages the roles and deploys them to the desired accounts in your organization (for example, the Finance role does not need to exist in the Security account). It also manages the link to the IdP, typically in the form of some XML document or certificate.
What Is JumpCloud?
JumpCloud is a fantastic company that competes with the likes of Okta, OneLogin, and others to be your Identity Provider. Why do I like JumpCloud? One very important reason: it's free for the first 10 users. And after that, it isn't very expensive. Are large enterprises using JumpCloud? Not too much, but how many large enterprises are there relative to 20-50 person startups? So head on over and get started. They have guides to walk you through this entire process. Now you'll have 1 identity, in JumpCloud, with 1 password, and 1 MFA token. But once you log in, you'll have access to all your applications - Jira, AWS, Google, and anything else you are utilizing for your business.