diff --git a/web/packages/shared/components/AwsLaunchButton/AwsLaunchButton.tsx b/web/packages/shared/components/AwsLaunchButton/AwsLaunchButton.tsx index 3fd51c5b1fe53..1bb9d7bc85627 100644 --- a/web/packages/shared/components/AwsLaunchButton/AwsLaunchButton.tsx +++ b/web/packages/shared/components/AwsLaunchButton/AwsLaunchButton.tsx @@ -48,7 +48,8 @@ export class AwsLaunchButton extends React.Component { render() { const { open } = this.state; - const { awsRoles, getLaunchUrl, onLaunchUrl } = this.props; + const { awsRoles, getLaunchUrl, onLaunchUrl, isAwsIdentityCenterApp } = + this.props; return ( <> { onLaunchUrl={onLaunchUrl} closeMenu={this.onClose} onChange={this.onChange} + isAwsIdentityCenterApp={isAwsIdentityCenterApp} /> @@ -107,6 +109,7 @@ function RoleItemList({ closeMenu, onChange, onLaunchUrl, + isAwsIdentityCenterApp, }: Props & { closeMenu: () => void; onChange: (event: React.ChangeEvent) => void; 
@@ -118,6 +121,9 @@ function RoleItemList({ if (display !== name) { text = `${text} (${name})`; } + if (isAwsIdentityCenterApp) { + text = name; + } return ( { samlApp, samlAppSsoUrl, samlAppPreset, + subKind, + permissionSets, } = app; const { actions, userSamlIdPPerm } = useSamlAppAction(); - if (awsConsole) { + + const isAwsIdentityCenterApp = subKind === AppSubKind.AwsIcAccount; + function getAwsLaunchUrl(arnOrPermSetName: string) { + if (isAwsIdentityCenterApp) { + return `${publicAddr}&role_name=${arnOrPermSetName}`; + } else { + return cfg.getAppLauncherRoute({ + fqdn, + clusterId, + publicAddr, + arn: arnOrPermSetName, + }); + } + } + if (awsConsole || isAwsIdentityCenterApp) { + let awsConsoleOrIdentityCenterRoles: AwsRole[] = awsRoles; + if (isAwsIdentityCenterApp) { + awsConsoleOrIdentityCenterRoles = permissionSets.map( + (ps): AwsRole => ({ + name: ps.name, + arn: ps.name, + display: ps.name, + accountId: name, + }) + ); + } + return ( - cfg.getAppLauncherRoute({ - fqdn, - clusterId, - publicAddr, - arn, - }) - } + awsRoles={awsConsoleOrIdentityCenterRoles} + getLaunchUrl={getAwsLaunchUrl} + isAwsIdentityCenterApp={isAwsIdentityCenterApp} /> ); } diff --git a/web/packages/teleport/src/services/apps/apps.test.ts b/web/packages/teleport/src/services/apps/apps.test.ts index c9a7148c4e483..e044fc89ca951 100644 --- a/web/packages/teleport/src/services/apps/apps.test.ts +++ b/web/packages/teleport/src/services/apps/apps.test.ts @@ -48,6 +48,7 @@ test('correct formatting of apps fetch response', async () => { samlApp: false, samlAppSsoUrl: '', integration: '', + permissionSets: [], }, { kind: 'app', @@ -69,6 +70,7 @@ test('correct formatting of apps fetch response', async () => { samlApp: false, samlAppSsoUrl: '', integration: '', + permissionSets: [], }, { kind: 'app', @@ -90,6 +92,7 @@ test('correct formatting of apps fetch response', async () => { samlApp: false, samlAppSsoUrl: '', integration: '', + permissionSets: [], }, { kind: 'app', 
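Review bot: In `RoleItemList`, the new `if (isAwsIdentityCenterApp) { text = name; }` runs after `text` has already been assembled and extended with `(${name})`, so that work is thrown away for Identity Center apps. The reason for the override is also undocumented. Branching first would make the intent explicit, for example by wrapping the existing `display !== name` block in `if (!isAwsIdentityCenterApp) { ... }` and setting `text = name` in the else arm. A one-line comment would help too: `// Identity Center entries are permission sets, not IAM roles: label them by name only.` The function body begins and continues outside this hunk, so how `text` is first built is not visible here.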
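Review bot: In `getAwsLaunchUrl`, the Identity Center branch concatenates the permission set name into the query string without encoding it. A name containing `&`, `#`, `+` or `=` would therefore add, truncate or alter parameters in the launch URL, and whether names are constrained server-side is not visible on this page. Pass the value through `encodeURIComponent(arnOrPermSetName)` before appending it after `role_name=`. The branch also appends with `&`, which assumes `publicAddr` already carries a query string for `AppSubKind.AwsIcAccount` apps. If that is an invariant, state it in a comment above the branch; otherwise build the URL with `new URL(publicAddr)` and `searchParams.set('role_name', ...)`. The file header and hunk header for this section are missing from the page, so the enclosing component is only partly visible.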
@@ -112,6 +115,7 @@ test('correct formatting of apps fetch response', async () => { samlAppSsoUrl: 'http://localhost/enterprise/saml-idp/login/saml-app', samlAppPreset: 'gcp-workforce', integration: '', + permissionSets: [], }, ], startKey: mockResponse.startKey, diff --git a/web/packages/teleport/src/services/apps/makeApps.ts b/web/packages/teleport/src/services/apps/makeApps.ts index d8309c753956e..749ffc1937386 100644 --- a/web/packages/teleport/src/services/apps/makeApps.ts +++ b/web/packages/teleport/src/services/apps/makeApps.ts @@ -20,7 +20,7 @@ import { AwsRole } from 'shared/services/apps'; import cfg from 'teleport/config'; -import { App } from './types'; +import { App, PermissionSet } from './types'; export default function makeApp(json: any): App { json = json || {}; @@ -38,7 +38,6 @@ export default function makeApp(json: any): App { integration = '', samlAppPreset, subKind, - permissionSets, } = json; const canCreateUrl = fqdn && clusterId && publicAddr; @@ -49,6 +48,7 @@ export default function makeApp(json: any): App { const labels = json.labels || []; const awsRoles: AwsRole[] = json.awsRoles || []; const userGroups = json.userGroups || []; + const permissionSets: PermissionSet[] = json.permissionSets || []; const isTcp = uri && uri.startsWith('tcp://'); const isCloud = uri && uri.startsWith('cloud://');
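Review bot: In `makeApp`, `const permissionSets: PermissionSet[] = json.permissionSets || [];` annotates a value read from `json: any`, so the type is asserted rather than checked. A truthy non-array value, or entries without a string `name`, would pass through and only fail later when the consumer calls `permissionSets.map(...)` and places `ps.name` into the launch URL. This matches how `awsRoles` is handled on the neighbouring line, but because these names end up in a URL a cheap guard is worth adding: `const permissionSets: PermissionSet[] = Array.isArray(json.permissionSets) ? json.permissionSets : [];`. The `apps.test.ts` hunks only assert the empty default, so a case with a non-empty `permissionSets` in the mock response would pin the pass-through behaviour.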