AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An organization wants its employees to access its cloud resources using their existing corporate login credentials without creating separate user accounts in the cloud environment for each employee. What is the most appropriate method to achieve this?
Set up a directory service in the cloud environment and recreate all user accounts.
Configure their identity provider to federate with IAM roles using SAML.
Create individual user accounts in the cloud environment for each employee.
Use an identity service designed for customer-facing applications to authenticate users with corporate credentials.
By configuring their existing identity provider to federate with IAM roles using Security Assertion Markup Language (SAML), the organization allows employees to access cloud resources using their corporate credentials. This approach leverages IAM roles to grant temporary access based on federated authentication, eliminating the need to manage individual cloud user accounts. Setting up a directory service in the cloud and recreating user accounts duplicates identity management efforts and doesn't utilize existing credentials. Using an identity service designed for customer-facing applications is not ideal for internal employee access. Creating individual user accounts in the cloud environment is not compliant with the requirement to avoid managing separate identities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SAML and how does it work in federated identity management?
Open an interactive chat with Bash
What is an IAM role, and why is it important for access management in AWS?
Open an interactive chat with Bash
What are the benefits of using federated authentication over traditional user account management?