A company uses a third-party identity provider (IdP). The company wants to provide its employees with access to AWS accounts and services without requiring another set of login credentials.
Which AWS service will meet this requirement?
A company uses a third-party identity provider (IdP). The company wants to provide its employees with access to AWS accounts and services without requiring another set of login credentials.
Which AWS service will meet this requirement?
To meet the requirement of providing employees access to AWS accounts and services without requiring another set of login credentials, the appropriate service is AWS IAM Identity Center. This service allows organizations to manage access to multiple AWS accounts and connected applications centrally. It enables single sign-on (SSO) so that employees can use their existing third-party identity provider credentials to access AWS resources, thus eliminating the need for additional credentials.
B. Amazon Cognito Amazon Cognito allows you to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With Cognito, you can integrate with your existing third-party identity provider (IdP) through industry-standard protocols such as OpenID Connect (OIDC) and SAML 2.0.
Correct Answer is B. Awful, just awful, all given answers are wrong.
I initially answered option (B), Amazon Cognito, but I read too fast. The company uses a third-party IDP and wants to provide its employees access to AWS accounts and services without creating new logins. This can be accomplished by using IAM. AWS IAM Identity Center replaced AWS SSO (Single Sign-on). This service provides a single place to create and manage multiple AWS accounts and business applications. It also creates or connects workforce identities and manages their access centrally. SSO access to AWS accounts and SSO Access to Applications such as M365, Salesforce, and custom SAML 2.0 applications.
Definitely C. https://docs.aws.amazon.com/singlesignon/latest/userguide/prereq-identity-sources.html
The key is "...WITHOUT requiring another set of login credentials." Therefore the answer is C, IAM. B, Cognito, would be using an a different / additional set of login credentials.
AWS Directory Service: AWS Directory Service allows you to integrate AWS with your existing Active Directory or other LDAP-based directory services. You can use AWS Directory Service with AWS Single Sign-On (SSO) to enable federated access to AWS accounts and services. This means employees can use their existing corporate credentials (from the third-party IdP) to sign in to AWS without needing separate AWS-specific credentials.
The key is "...WITHOUT requiring another set of login credentials." please help with discussion on 478~480. Thanks.