A company wants to implement a federated identity solution for its employees to access the AWS Management Console. The company already uses an on-premises Microsoft Active Directory. Which TWO solutions will meet this requirement? (Select TWO.)

Answer options:

Use AWS IAM Identity Center (AWS Single Sign-On) and configure it to connect to the on-premises Active Directory using AWS Directory Service.

Create IAM users for each employee and sync their passwords using a custom script.

Configure a SAML 2.0 identity provider (IdP) in IAM and set up trust between the on-premises AD FS and AWS.

Use Amazon Cognito User Pools to sync users from the on-premises Active Directory.

Use AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) to replace the on-premises directory.

How to approach this question

Look for standard federation mechanisms: SAML 2.0 or AWS IAM Identity Center (formerly SSO).

Full Answer

A,C

To grant federated users access to the AWS Management Console, you can use AWS IAM Identity Center (which connects to AD) or set up a SAML 2.0 identity provider in IAM to establish trust with an on-premises IdP like AD FS.

Common mistakes

Choosing Amazon Cognito, which is designed for application authentication, not AWS console access.

Question 02 All questions Question 04

Practice the full AWS SAA-C03 Practice Exam 1

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium Q02A solutions architect is designing an application that will run on Amazon EC2 instances. The appl...Easy Q04A mobile application needs to access Amazon DynamoDB directly to read user-specific data. The app...Hard Q05A company is hosting a web application on Amazon EC2 instances. The application connects to an Am...Medium Q06A solutions architect is reviewing the security of an AWS account. The architect notices that the...Easy

View all 65 questions →