IAM does not have the ability to authenticate to the application. For example, in an on-prem system, an application-like software that uses AD as an authentication system, when moving to the AWS cloud, will need to be deployed AWS Directory Service (install & migrate).
IAM cannot manage authentication for the operating system. After the servers in the on-prem system are migrated to EC2, access to EC2 can be via AD or LDAP that has been extended from the on-prem system or run standalone.
AWS Management Console
CLI - scripting tool
Some important operations are often done with IAM such as: Create User, Group, Role, and Access policy