The most suitable solution involves setting up federation using a Security Assertion Markup Language (SAML) 2.0 integration between the enterprise directory service and a cloud identity service that supports SAML to provide access to roles within the cloud environment. This setup allows enterprise users to authenticate using their existing directory credentials and assume pre-configured roles to access needed resources. This approach is scalable, secure, avoids duplication of identity repositories, and adheres to best practices.

Other options, such as creating individual cloud service user accounts for each identity in the directory service, are not scalable, increase administrative overhead, and are not secure. Enabling individual static keys is a poor security practice and does not leverage the existing directory. Configuring network connectivity does not establish identity federation or enable a unified sign-on experience.