Home › AWS Solutions Architect Professional › cloudcomputing › sapcomplexity › An architect must give a third-party identity pr…
An architect must give a third-party identity provider (e.g. Okta, Azure AD) federated access to AWS for human users across many accounts. Which AWS service is the centralised endpoint?
AHardcoded IAM users per account
BIAM Identity Center (formerly AWS SSO) with external IdP
CDisabling MFA
DSharing the root password
Answer & Solution
Correct answer: B. IAM Identity Center (formerly AWS SSO) with external IdP
IAM Identity Center federates external IdPs to multi-account access. The others are textbook anti-patterns.
Related questions
Which AWS rightsizing visibility tool analyses Amazon EC2 + EBS + Lambda + Auto Scaling grAn enterprise wants to enforce 'no resources in eu-central-1' and 'no IAM users with adminAn architect needs centralised security findings (GuardDuty + Inspector + IAM Access AnalyWhich AWS purchasing option offers the deepest discount for steady-state compute usage witAn enterprise on SAP-C02 RTO/RPO design must recover a critical workload within 4 hours anWhich AWS service provides hybrid DNS by forwarding DNS queries between an on-prem resolveWhich AWS service lets one account share specific resources (e.g. Transit Gateway, subnetsAn enterprise needs a turnkey multi-account landing-zone with guardrails, account factory,