# Step 2: Deploy the IDC stack

Install the IDC CloudFormation stack in the organisation management account.

#### How to Install this Stack

1. Log in to the AWS Management Console using the **Organisation Management Account**.
2. Navigate to the **CloudFormation** page.
3. Click **Create Stack** and select **With new resources (standard)**.
4. For Template Source, select **Amazon S3 URL**, enter the CloudFormation Template URL shown below, and click **Next**.
5. On the **Specify Stack** page, enter the stack name '**SandboxStudio-IDC**' and use the parameters shown below.

---

#### CloudFormation Template URL

```
https://sandbox-studio-software-dist.s3.amazonaws.com/versions/<VERSION>/SandboxStudio-IDC.template.json
```

For more information on how to find the latest version, [click here](https://docs.sandboxstudiosoftware.com/books/installation-guide/page/aws-cloudformation-templates "AWS CloudFormation templates").

---

#### Parameters

| **Key** | **What to enter** |
| --- | --- |
| **Namespace** | Use the same namespace you used in step 1. |
| **HubAccountId** | 12-digit Hub account ID |
| **IdentityStoreId** | From IAM Identity Center |
| **SsoInstanceArn** | From IAM Identity Center |
| **AdminGroupName** | Default: `<Namespace>_SsAdminsGroup` |
| **ManagerGroupName** | Default: `<Namespace>_SsManagersGroup` |
| **UserGroupName** | Default: `<Namespace>_SsUsersGroup` |

---

#### About this Stack

**Purpose**

- Sets up **IAM Identity Center groups**, permissions and roles used by Sandbox Studio. You add users to these groups to grant role‑based access to the application.

**Where to deploy**

- **Organisation management account**, even if you have delegated IAM Identity Center administration to another account.

**What it creates**

- A set of IDC groups aligned to Sandbox Studio roles (for example: administrators, managers, end users).

**Validation checks**

- Groups appear in **IAM Identity Center**.
- Assigning a user to a group grants the expected application role after sign‑in.
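
The first validation check can be scripted. The following is an added example, not part of Sandbox Studio or its documentation: it sanity-checks the stack parameters before deployment and then compares the expected group names with the JSON returned by `aws identitystore list-groups`. The ID formats, the literal substitution of the namespace into the default names, and all sample values are assumptions.

```python
import json
import re

# Identifier formats assumed from AWS documentation, not taken from this page.
PATTERNS = {
    "HubAccountId": re.compile(r"\d{12}"),
    "IdentityStoreId": re.compile(r"d-[0-9a-f]{10}"),
    "SsoInstanceArn": re.compile(r"arn:aws[a-z-]*:sso:::instance/ssoins-[0-9a-zA-Z]{16}"),
}
# Default group-name suffixes from the Parameters table.
DEFAULT_SUFFIXES = {
    "AdminGroupName": "_SsAdminsGroup",
    "ManagerGroupName": "_SsManagersGroup",
    "UserGroupName": "_SsUsersGroup",
}

def check_parameters(params):
    """Return a list of problems in the stack parameters (empty if none)."""
    problems = []
    if not params.get("Namespace"):
        problems.append("Namespace is empty")
    for key, pattern in PATTERNS.items():
        value = str(params.get(key, ""))
        if not pattern.fullmatch(value):
            problems.append(f"{key} does not look valid: {value!r}")
    return problems

def expected_groups(params):
    """Group names the stack should create: explicit values, else the defaults."""
    ns = params["Namespace"]
    return {params.get(k) or ns + suffix for k, suffix in DEFAULT_SUFFIXES.items()}

def missing_groups(params, list_groups_json):
    """Expected groups absent from `aws identitystore list-groups` JSON output."""
    present = {g["DisplayName"] for g in json.loads(list_groups_json)["Groups"]}
    return sorted(expected_groups(params) - present)

# Constructed sample values, not real identifiers.
SAMPLE_PARAMS = {
    "Namespace": "myns",
    "HubAccountId": "111122223333",
    "IdentityStoreId": "d-1234567890",
    "SsoInstanceArn": "arn:aws:sso:::instance/ssoins-1234567890abcdef",
}
SAMPLE_LIST_GROUPS = json.dumps({"Groups": [
    {"GroupId": "g-1", "DisplayName": "myns_SsAdminsGroup"},
    {"GroupId": "g-2", "DisplayName": "myns_SsUsersGroup"},
]})

if __name__ == "__main__":
    print(check_parameters(SAMPLE_PARAMS), missing_groups(SAMPLE_PARAMS, SAMPLE_LIST_GROUPS))
```

In practice, pass the output of `aws identitystore list-groups --identity-store-id <IdentityStoreId>` as `list_groups_json`; an empty result from `missing_groups` means all three groups exist.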

**Tips**

- Add test users to each group and confirm the correct level of access in the UI before onboarding wider teams.
