Enable Single Sign-On for AWS Management Console | SCS-C01 Exam Preparation

Enable Single Sign-On for AWS Management Console

Question

A company wishes to enable Single Sign-On (SSO) so its employees can log in to the AWS Management Console using their corporate directory identity.

Which of the following steps is required as part of the process?


Answer - E.

Option A is incorrect because a Direct Connect connection is not required to access the AWS Management Console.

Option B is incorrect because IAM policies are not directly mapped to group memberships in the corporate directory; it is IAM roles that are mapped.

Option C is incorrect because Lambda functions are not the mechanism for assigning roles.

Option D is incorrect because IAM users are not directly mapped to employees' corporate identities.

Option E is correct.

Establishing the trust relationship between IAM and the IdP is one part of the process.

This AWS blog post walks through AWS Identity and Access Management (IAM) federated sign-in with Active Directory (AD) and Active Directory Federation Services (AD FS):

https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/

Additional reference link:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html

The correct answer is E. Create an IAM role that establishes a trust relationship between IAM and the corporate directory identity provider (IdP).

Single Sign-On (SSO) allows users to log in to multiple applications using a single set of credentials. In the case of AWS, SSO allows users to log in to the AWS Management Console using their corporate directory identity.

To enable SSO, the following steps are required:

  1. Configure the corporate directory identity provider (IdP): This involves setting up a trust relationship between the corporate directory and AWS. The IdP can be Active Directory, LDAP, or another directory service.

  2. Create an IAM role: AWS grants access to resources through this role, which is mapped to the corporate directory group memberships. The role's trust policy must name the IdP as a trusted principal so that users authenticated by the IdP can assume the role.

  3. Configure the IdP to allow access to the IAM role: This involves configuring the IdP so that users in the corporate directory are allowed to assume the IAM role.

  4. Configure the AWS Management Console to use SSO: This involves configuring the AWS Management Console to use the IAM role to authenticate users.
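As an added example (not code from the original page or from AWS), the following Python builds the SAML trust policy that step 2 describes, the role attribute value the IdP must emit for step 3, and a small review check a defender can run over an existing trust policy. The account ID, provider name and role name are constructed placeholders.

```python
# AWS console SAML endpoint that the trust policy pins as the assertion audience
CONSOLE_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_trust_policy(account_id: str, provider_name: str) -> dict:
    """Trust policy for a role that federated users may assume via the SAML IdP."""
    provider_arn = f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            # Only assertions addressed to the console sign-in endpoint may be used
            "Condition": {"StringEquals": {"SAML:aud": CONSOLE_SAML_AUDIENCE}},
        }],
    }


def saml_role_attribute(account_id: str, role_name: str, provider_name: str) -> str:
    """Value the IdP places in the AWS Role SAML attribute: 'role-arn,provider-arn'."""
    return (f"arn:aws:iam::{account_id}:role/{role_name},"
            f"arn:aws:iam::{account_id}:saml-provider/{provider_name}")


def trust_policy_findings(policy: dict) -> list[str]:
    """Review a role trust policy and return the problems found (empty list = OK)."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithSAML" not in actions:
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if not (isinstance(federated, str) and ":saml-provider/" in federated):
            findings.append("principal is not a single IAM SAML provider ARN")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != CONSOLE_SAML_AUDIENCE:
            findings.append("missing StringEquals SAML:aud condition for the console endpoint")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not a real account or provider
    policy = saml_trust_policy("123456789012", "CorpADFS")
    print(policy)
    print(saml_role_attribute("123456789012", "ADFS-Admins", "CorpADFS"))
    print("findings:", trust_policy_findings(policy))
```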

Option A is incorrect because Direct Connect is used to establish a dedicated network connection between AWS and an on-premises network. It is not required for SSO.

Option B is incorrect because while IAM policies are used to define permissions in AWS, they are not used to map group memberships in the corporate directory.

Option C is incorrect because while Lambda functions can be used to automate tasks in AWS, they are not required for SSO.

Option D is incorrect because IAM users are not used in SSO. Instead, IAM roles are used to grant access to resources based on the permissions defined in the corporate directory.