DOP-C02 Exam Questions

DOP-C02 Exam - Question 231


A company uses AWS Organizations to manage its AWS accounts. A DevOps engineer must ensure that all users who access the AWS Management Console are authenticated through the company’s corporate identity provider (IdP).

Which combination of steps will meet these requirements? (Choose two.)

Correct Answer: BE

To ensure that all users who access the AWS Management Console are authenticated through the company’s corporate identity provider (IdP), you need to configure identity federation with SAML 2.0 using AWS IAM Identity Center (formerly AWS Single Sign-On) to enable SSO integration. Additionally, creating a Service Control Policy (SCP) in AWS Organizations to deny password creation for IAM users will enforce that users cannot log in directly with IAM credentials, ensuring they use SSO for authentication.
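A lint check for the SCP described above, as an added example that is not part of the original page: it reports which of the two console-password actions (`iam:CreateLoginProfile`, `iam:UpdateLoginProfile`) a policy document fails to deny unconditionally. The sample policies and the role name in them are constructed, and treating any conditional or resource-scoped deny as not covering is an assumption of this check.

```python
import fnmatch
import json

# The two IAM actions that create or change a console password.
REQUIRED = ("iam:CreateLoginProfile", "iam:UpdateLoginProfile")

def _as_list(value):
    """Policy JSON allows a single value or a list for these elements."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, action):
    """Action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def uncovered_actions(policy_json):
    """Return the REQUIRED actions that the SCP does not unconditionally deny."""
    policy = json.loads(policy_json)
    denied = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        # Assumption: a Condition or a narrowed Resource makes the deny partial, so skip it.
        if stmt.get("Condition") or "*" not in _as_list(stmt.get("Resource")):
            continue
        for action in REQUIRED:
            if "NotAction" in stmt:
                hit = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
            else:
                hit = any(_matches(p, action) for p in _as_list(stmt.get("Action")))
            if hit:
                denied.add(action)
    return [a for a in REQUIRED if a not in denied]

# Constructed sample policies (not taken from a real organization).
FULL = '{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":["iam:CreateLoginProfile","iam:UpdateLoginProfile"],"Resource":"*"}]}'
WILDCARD = '{"Version":"2012-10-17","Statement":{"Effect":"Deny","Action":"iam:*LoginProfile","Resource":"*"}}'
PARTIAL = '{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":"iam:CreateLoginProfile","Resource":"*"}]}'
CONDITIONAL = '{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Action":["iam:CreateLoginProfile","iam:UpdateLoginProfile"],"Resource":"*","Condition":{"ArnNotLike":{"aws:PrincipalArn":"arn:aws:iam::*:role/ExampleBreakGlass"}}}]}'

if __name__ == "__main__":
    for name, doc in [("full", FULL), ("wildcard", WILDCARD), ("partial", PARTIAL), ("conditional", CONDITIONAL)]:
        print(name, uncovered_actions(doc) or "both actions denied")
```

SCPs do not apply to the organization's management account, and a deny on these actions does not remove console passwords that already exist, so both need a separate check.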

Discussion

3 comments
KaranNishad (Options: BE)
Jun 27, 2024

BE is the answer.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Deny",
          "Action": [
            "iam:CreateLoginProfile",
            "iam:UpdateLoginProfile"
          ],
          "Resource": "*"
        }
      ]
    }

trungtd (Options: BE)
Jul 14, 2024

Of course B. E enforces that users cannot log in directly with IAM credentials. Instead, they must use the SSO setup provided by AWS IAM Identity Center, ensuring compliance with the requirement to authenticate through the corporate IdP.

tgv
Jul 15, 2024

---> BE