ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 229 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 229
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company is creating a new multi-account architecture. A SysOps administrator must implement a login solution to centrally manage user access and permissions across all AWS accounts. The solution must be integrated with AWS Organizations and must be connected to a third-party Security Assertion Markup Language (SAML) 2.0 identity provider (IdP).

What should the SysOps administrator do to meet these requirements?

  • A. Configure an Amazon Cognito user pool. Integrate the user pool with the third-party IdP.
  • B. Enable and configure AWS Single Sign-On with the third-party IdP.
  • C. Federate the third-party IdP with AWS Identity and Access Management (IAM) for each AWS account in the organization.
  • D. Integrate the third-party IdP directly with AWS Organizations.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Gil80 at Feb. 9, 2023, 11:57 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
eesa
1 year ago
The correct answer is: B. Enable and configure AWS Single Sign-On with the third-party IdP. Here's why: Centralized Management: AWS SSO allows you to centrally manage SSO access and user permissions across all AWS accounts that are part of your AWS Organizations. SAML 2.0 Integration: AWS SSO natively supports integration with third-party SAML 2.0 identity providers, enabling you to use your existing corporate credentials. Seamless Integration with AWS Organizations: AWS SSO integrates directly with AWS Organizations, making it easy to assign users and groups from your IdP to roles in any AWS account within your organization. User-friendly Configuration: AWS SSO provides a user-friendly interface for managing SSO settings and user permissions, reducing administrative overhead.
upvoted 1 times
...
Christina666
1 year, 11 months ago
Selected Answer: B
Option A (Configure an Amazon Cognito user pool. Integrate the user pool with the third-party IdP) is not the most suitable choice for the requirements mentioned. While Amazon Cognito is a service for managing user identities and access control, it is not specifically designed for centralized management of user access across AWS accounts in AWS Organizations. AWS Single Sign-On (SSO) is a more appropriate solution for this use case.
upvoted 2 times
Christina666
1 year, 11 months ago
Option B (Enable and configure AWS Single Sign-On with the third-party IdP) is the correct choice for implementing a login solution that meets the specified requirements. AWS Single Sign-On (SSO) is a service that simplifies access management for multiple AWS accounts and business applications by enabling users to sign in only once using their existing credentials from the third-party IdP (which supports SAML 2.0 in this case). It allows centralized management of access and permissions across all accounts in AWS Organizations. AWS Single Sign-On (SSO) can be integrated with third-party SAML 2.0 identity providers, which means that users from the organization can use their existing credentials to sign in to the AWS environment. The administrator can set up AWS SSO to work with AWS Organizations, which allows for simplified user management across accounts.
upvoted 9 times
jipark
1 year, 10 months ago
I'll keep in mind "AWS Single Sign-On (SSO) can be integrated with third-party SAML 2.0 identity providers"
upvoted 5 times
...
...
...
Vivec
2 years, 3 months ago
Selected Answer: B
AWS Single Sign-On (AWS SSO) is an AWS service that enables you to manage access to multiple AWS accounts and business applications through a single AWS SSO portal. It is designed to work with your identity provider (IdP) using Security Assertion Markup Language (SAML) 2.0, which makes it easy to set up federation with AWS SSO. With AWS SSO, you can centrally manage users and permissions for all your AWS accounts and business applications from your AWS SSO directory. AWS SSO is integrated with AWS Organizations, which allows you to manage access to all the AWS accounts in your organization.
upvoted 3 times
...
Phinx
2 years, 4 months ago
Selected Answer: B
It's B. AWS SSO (IAM Identity Center) supports SAML 2.0
upvoted 4 times
...
SomboonCH
2 years, 4 months ago
Selected Answer: B
AWS IAM Identity Center makes it easy to centrally manage federated access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. You can use AWS IAM Identity Center for identities in the AWS IAM Identity Center’s user directory, your existing corporate directory, or external IdP.
upvoted 4 times
...
awsguru1998
2 years, 4 months ago
B. AWS Single Sign-On (SSO) is the service to use in order to integrate with a third-party identity provider (IdP) such as SAML 2.0 and centrally manage user access and permissions across all AWS accounts. AWS Cognito is used for user authentication, but not for this use case. Federating the third-party IdP with AWS IAM is not required in this situation, as AWS SSO is used to manage user access. Additionally, it is not possible to integrate the third-party IdP directly with AWS Organizations.
upvoted 3 times
...
Gil80
2 years, 4 months ago
Selected Answer: C
I think it's C: https://aws.amazon.com/identity/federation/#:~:text=AWS%20IAM%20helps%20you%20define,reusable%20custom%20managed%20IAM%20policies. "AWS IAM helps you define permissions once, and then grant, revoke or modify AWS access by simply changing the attributes in the IdP. You can apply the same federated access policy to multiple AWS accounts by implementing reusable custom managed IAM policies."
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel