A company wants to implement a federated identity solution for its employees to access the AWS Management Console. The company already uses an on-premises Microsoft Active Directory. Which TWO solutions will meet this requirement? (Select TWO.)

Look for standard federation mechanisms: SAML 2.0 or AWS IAM Identity Center (formerly SSO).

What mistakes do candidates make on this AWS SAA-C03 question?

Choosing Amazon Cognito, which is designed for application authentication, not AWS console access.

A.

Use AWS IAM Identity Center (AWS Single Sign-On) and configure it to connect to the on-premises Active Directory using AWS Directory Service.

B.

Create IAM users for each employee and sync their passwords using a custom script.

C.

Configure a SAML 2.0 identity provider (IdP) in IAM and set up trust between the on-premises AD FS and AWS.

D.

Use Amazon Cognito User Pools to sync users from the on-premises Active Directory.

E.

Use AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) to replace the on-premises directory.