AWS Certified Cloud Practitioner (CLF-C02) — Question 713
A company wants to manage access and permissions for its third-party software as a service (SaaS) applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications.
Which AWS service should the company use to meet these requirements?
Answer options
- A. Amazon Cognito
- B. AWS IAM Identity Center (AWS Single Sign-On)
- C. AWS Identity and Access Management (IAM)
- D. AWS Directory Service for Microsoft Active Directory
Correct answer: B
Explanation
AWS IAM Identity Center (AWS Single Sign-On) centrally manages single sign-on access to multiple AWS accounts, cloud applications, and third-party SaaS applications through a unified portal. Amazon Cognito is designed for user authentication in custom web and mobile applications, while standard AWS IAM manages permissions within a single AWS account. AWS Directory Service enables directory-aware workloads but does not natively offer the required multi-account and SaaS portal capabilities.