Topic 1 Question 229
A company is creating a new multi-account architecture. A SysOps administrator must implement a login solution to centrally manage user access and permissions across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language (SAML) 2.0 identity provider (IdP).
What should the SysOps administrator do to meet these requirements?
A. Configure an Amazon Cognito user pool. Integrate the user pool with the third-party IdP.
B. Enable and configure AWS Single Sign-On with the third-party IdP.
C. Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization.
D. Integrate the third-party IdP directly with AWS Organizations.
Comments (5)
- Selected answer: B
AWS IAM Identity Center makes it easy to centrally manage federated access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. You can use AWS IAM Identity Center for identities in the AWS IAM Identity Center’s user directory, your existing corporate directory, or external IdP.
👍 3 SomboonCH 2023/02/13
B. AWS Single Sign-On (SSO) is the service to use in order to integrate with a third-party identity provider (IdP) such as SAML 2.0 and centrally manage user access and permissions across all AWS accounts. AWS Cognito is used for user authentication, but not for this use case. Federating the third-party IdP with AWS IAM is not required in this situation, as AWS SSO is used to manage user access. Additionally, it is not possible to integrate the third-party IdP directly with AWS Organizations.
👍 2 awsguru1998 2023/02/12
- Selected answer: B
It's B. AWS SSO (IAM Identity Center) supports SAML 2.0
👍 2 Phinx 2023/02/18