An enterprise has mandated that their cloud-hosted applications authenticate users from the on-premises directory service without duplicating sensitive credentials. Which approach should be employed to meet this requirement while leveraging the organization's existing user directory?
Integrate the application through federation using SAML 2.0 with the organization's existing identity management system.
Migrate the on-premises directory service users to a cloud directory service with User Pools.
Implement application-side user authentication controls using the Access Control List (ACL) feature of a cloud directory service.
Generate temporary access credentials for users via a token service to authenticate against the on-premises directory service.