AWS Certified Developer - Associate Exam: User Management for Mobile Applications

User Management for Mobile Applications


Question

Your company is developing an application that users on their mobile devices will primarily use.

The users need to be able to authenticate through identity providers using Security Assertion Markup Language 2.0 (SAML 2.0).

Which of the following services should be used for user management?

Answers

A. AWS STS with IAM

B. AWS Cognito Identity Pools

C. AWS Security Pools

D. AWS IAM Pools

Explanations

Answer - B.

This is also given in the AWS Documentation.

Amazon Cognito supports authentication with identity providers through Security Assertion Markup Language 2.0 (SAML 2.0).

You can use an identity provider that supports SAML with Amazon Cognito to provide a simple onboarding flow for your users.

Your SAML-supporting identity provider specifies the IAM roles that can be assumed by your users so that different users can be granted different sets of permissions.
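As an added example (not from the original page or from AWS code): the identity provider conveys the assumable IAM roles in the assertion's `https://aws.amazon.com/SAML/Attributes/Role` attribute, and the Python below lists them and returns a role to pass as `CustomRoleArn` only if the IdP asserted it and a local allow-list permits it. The sample assertion, account ID, role names, and function names are constructed for illustration, and the assertion's signature is assumed to have been verified before this code runs.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:(role|saml-provider)/[\w+=.@/-]+$")

# Constructed, unsigned sample; account ID and names are placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
   <saml:AttributeValue>arn:aws:iam::111122223333:role/MobileReadOnly,arn:aws:iam::111122223333:saml-provider/ExampleIdP</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::111122223333:saml-provider/ExampleIdP,arn:aws:iam::111122223333:role/MobileAdmin</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def asserted_roles(assertion_xml):
    """Return {role_arn: provider_arn} from the assertion's Role attribute."""
    roles = {}
    for attr in ET.fromstring(assertion_xml).iter(NS + "Attribute"):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iter(NS + "AttributeValue"):
            parts = [p.strip() for p in (value.text or "").split(",")]
            kinds = {ARN_RE.match(p).group(1): p for p in parts if ARN_RE.match(p)}
            # Each value must be exactly one role ARN plus one provider ARN
            # (this example accepts the pair in either order).
            if len(parts) != 2 or set(kinds) != {"role", "saml-provider"}:
                raise ValueError(f"malformed Role value: {value.text!r}")
            roles[kinds["role"]] = kinds["saml-provider"]
    return roles


def choose_custom_role(assertion_xml, requested, allow_list, trusted_provider):
    """Return `requested` only if the IdP asserted it and local policy allows it."""
    roles = asserted_roles(assertion_xml)
    if requested not in roles:
        raise PermissionError("role not asserted by the identity provider")
    if roles[requested] != trusted_provider:
        raise PermissionError("role paired with an unexpected SAML provider")
    if requested not in allow_list:
        raise PermissionError("role asserted but not on the application allow-list")
    return requested
```

The application-side allow-list is a second check on top of the IAM role trust policies: a role the IdP starts asserting unexpectedly is rejected here before any credentials request is made.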

Given what the AWS documentation states, all other options are invalid.

For more information on SAML identity providers, refer to the following URL:

https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html

The correct answer is B. AWS Cognito Identity Pools.

Explanation:

AWS Cognito Identity Pools is a fully managed service that enables developers to create unique identities for their users across multiple identity providers and provides support for Security Assertion Markup Language (SAML) 2.0. This service provides a secure and scalable way to authenticate and manage user access to AWS resources and mobile applications.

AWS STS with IAM (Answer A) is a service that enables users to request temporary security credentials that can be used to access AWS resources. This service can be used in conjunction with IAM (Identity and Access Management) to provide granular access control over AWS resources. However, STS does not provide user management capabilities or support for SAML 2.0 authentication.

AWS Security Pools (Answer C) and AWS IAM Pools (Answer D) are not valid AWS services. Therefore, they are not the correct answer.

In summary, AWS Cognito Identity Pools should be used for user management when implementing SAML 2.0 authentication in a mobile application.