SAA-C03 · Question #362
SAA-C03 Question #362: Real Exam Question with Answer & Explanation
The correct answer is D: Configure Security Assertion Markup Language (SAML) 2.0-based federation. Create roles with. SAML 2.0-based federation allows organizations to integrate their on-premises Active Directory with AWS, enabling Single Sign-On (SSO) for AWS Management Console and AWS CLI/API access. This lets users continue using their existing AD credentials, removing the need to manage sepa
Question
A company wants to provide users with access to AWS resources. The company has 1,500 users and manages their access to on-premises resources through Active Directory user groups on the corporate network. However, the company does not want users to have to maintain another identity to access the resources. A solutions architect must manage user access to the AWS resources while preserving access to the on-premises resources. What should the solutions architect do to meet these requirements?
Options
- ACreate an IAM user for each user in the company. Attach the appropriate policies to each user.
- BUse Amazon Cognito with an Active Directory user pool. Create roles with the appropriate policies
- CDefine cross-account roles with the appropriate policies attached. Map the roles to the Active
- DConfigure Security Assertion Markup Language (SAML) 2.0-based federation. Create roles with
Explanation
SAML 2.0-based federation allows organizations to integrate their on-premises Active Directory with AWS, enabling Single Sign-On (SSO) for AWS Management Console and AWS CLI/API access. This lets users continue using their existing AD credentials, removing the need to manage separate identities for AWS and on-premises systems. Mapping roles to AD groups provides granular access control and seamless management.
Community Discussion
No community discussion yet for this question.