Topic 1 Question 132
A company manually provisions IAM access for its employees. The company wants to replace the manual process with an automated process. The company has an existing Active Directory system configured with an external SAML 2.0 identity provider (IdP).
The company wants employees to use their existing corporate credentials to access AWS. The groups from the existing Active Directory system must be available for permission management in AWS Identity and Access Management (IAM). A DevOps engineer has completed the initial configuration of AWS IAM Identity Center (AWS Single Sign-On) in the company’s AWS account.
What should the DevOps engineer do next to meet the requirements?
Configure an external IdP as an identity source. Configure automatic provisioning of users and groups by using the SCIM protocol.
Configure AWS Directory Service as an identity source. Configure automatic provisioning of users and groups by using the SAML protocol.
Configure an AD Connector as an identity source. Configure automatic provisioning of users and groups by using the SCIM protocol.
Configure an external IdP as an identity source Configure automatic provisioning of users and groups by using the SAML protocol.
ユーザの投票
コメント(10)
- 正解だと思う選択肢: A
(A) AWS SSO (Single Sign-On) integrates with external identity providers using SAML 2.0, and it can automatically synchronize users and groups from a connected directory using the SCIM (System for Cross-domain Identity Management) protocol. Thus, the DevOps engineer should configure the external IdP as an identity source and then configure automatic provisioning of users and groups by using the SCIM protocol. This will ensure the groups from the existing Active Directory system are available for permission management in AWS Identity and Access Management (IAM) and that employees can use their existing corporate credentials to access AWS.
👍 4tartarus232023/06/20 - 正解だと思う選択肢: D
D is correct
👍 1Toptip2023/07/05 - 正解だと思う選択肢: A
SCIM protocol is to sync the user and groups from the external identity source
👍 1Blueee2023/07/05
シャッフルモード