If your organization has a multi-cloud environment, I would definitely recommend implementing identity federation (e.g. SAML, OAuth), either directly from your on-prem enterprise directory or via an intermediate IDaaS service. Lifecycle IAM administration process implementation and operation for a proliferation of separate cloud-based identities for each service can be very inefficient and expensive, at least for larger organizations. Federation also provides SSO usability benefits and centralized termination of access on employee termination, which can be very important with insider risk scenarios.
For management plane access, I would recommend separate identities (from "regular user" access) and multi-factor authentication, coupled with zero-trust SDP access controls for privileged access. I'd also suggest that privileged API access to the management plane (e.g. infrastructure as code) should be secured similarly well, depending on the capabilities supported by the CSP.