A company uses a third-party identity provider (IdP). The company wants to provide its employees with access to AWS accounts and services without requiring another set of login credentials.
AWS IAM Identity Center (formerly AWS Single Sign-On or AWS SSO) provides a single sign-on experience for accessing AWS accounts and applications by integrating with third-party identity providers (IdPs) like Microsoft Active Directory, Okta, or any SAML 2.0-compliant IdP. This service allows employees to log in once using their existing corporate credentials managed by the third-party IdP and gain access to multiple AWS accounts and services without needing separate AWS credentials.
Why other options are not suitable:
A. AWS Directory Service: Provides a managed Microsoft Active Directory, but does not directly support single sign-on integration with third-party IdPs.
B. Amazon Cognito: Primarily used for managing authentication for web and mobile apps, not for integrating third-party IdPs for AWS management access.
D. AWS Resource Access Manager (AWS RAM): Used for sharing AWS resources across accounts, not for identity and access management.
References: AWS IAM Identity Center Documentation