AWS Certified Security – Specialty (SCS-C02) — Question 253
A company controls user access by using IAM users and groups in AWS accounts across an organization in AWS Organizations. The company uses an external identity provider (IdP) for workforce single sign-on (SSO).
The company needs to implement a solution to provide a single management portal to access accounts within the organization. The solution must support the external IdP as a federation source.
Which solution will meet these requirements?
Answer options
- A. Enable AWS IAM Identity Center. Specify the external IdP as the identity source.
- B. Enable federation with AWS Identity and Access Management (IAM). Specify the external IdP as the identity source.
- C. Migrate to Amazon Verified Permissions. Implement fine-grained access to AWS by using policy-based access control (PBAC).
- D. Migrate users to AWS Directory Service. Use AWS Control Tower to centralize security across the organization.
Correct answer: A
Explanation
The correct answer is A. AWS IAM Identity Center (the successor to AWS Single Sign-On) is enabled once, in the organization's management account, and gives the workforce the AWS access portal: a single place where a user signs in, sees every account and role assigned to them, and gets short-lived credentials. Its identity source can be switched from the built-in directory to an external SAML 2.0 identity provider, with users and groups provisioned from that IdP over SCIM. Access is then granted by assigning permission sets to IdP groups per member account; Identity Center materializes each assignment as an IAM role in the target account. Option B, SAML federation configured directly in IAM, works only one account at a time (an IdP entity, trust policies and roles in every account) and offers no organization-wide portal. Option C, Amazon Verified Permissions, makes authorization decisions inside your own applications using Cedar policies; it does not control access to AWS accounts. Option D, AWS Directory Service with AWS Control Tower, neither federates an external IdP nor provides a user-facing portal; Control Tower itself delegates that job to IAM Identity Center.
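Choosing option A in practice splits into a console step and an automatable step. Connecting the external IdP (uploading its SAML metadata and enabling SCIM) is done in the Identity Center console and has no CLI equivalent; everything after that, permission sets and account assignments across the organization, is scriptable. The script below is an added example written for this page, not AWS documentation or exam material: it assumes IAM Identity Center is already enabled with the external IdP as its identity source, an aws CLI v2 with `sso-admin` and `identitystore` permissions, and uses placeholder account IDs, group name and permission-set name that are constructed, not real. It validates the assignment plan offline first, then creates one permission set and assigns it to an IdP-synced group in each member account.

```shell
#!/bin/sh
# Added example, not part of the exam page. Assumes: IAM Identity Center enabled in the
# management account, external SAML 2.0 IdP already chosen as identity source (console
# only), aws CLI v2 with sso-admin and identitystore permissions. All IDs and names
# below are constructed placeholders.
set -eu

ACCOUNT_IDS="111111111111 222222222222"   # constructed member account IDs
IDP_GROUP_NAME="aws-auditors"             # group synced from the IdP via SCIM
PERMISSION_SET_NAME="ReadOnlyAuditor"
MANAGED_POLICY_ARN="arn:aws:iam::aws:policy/ReadOnlyAccess"
SESSION_DURATION="PT4H"                   # ISO 8601; portal sessions expire after this

# Returns 0 when $1 is a 12-digit AWS account ID, 1 otherwise.
valid_account_id() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one "account<TAB>permission-set<TAB>group" line per planned assignment and
# fails before touching AWS if any account ID is malformed. Pure, no API calls.
plan_assignments() {
    for acct in $1; do
        valid_account_id "$acct" || { echo "invalid account id: $acct" >&2; return 1; }
        printf '%s\t%s\t%s\n' "$acct" "$PERMISSION_SET_NAME" "$IDP_GROUP_NAME"
    done
}

# Everything below calls AWS. Each helper prints the identifier the next step needs.
instance_arn() {
    aws sso-admin list-instances --query 'Instances[0].InstanceArn' --output text
}
identity_store_id() {
    aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text
}
group_id() {   # $1 = identity store ID, $2 = group display name as synced from the IdP
    aws identitystore list-groups --identity-store-id "$1" \
        --filters "AttributePath=DisplayName,AttributeValue=$2" \
        --query 'Groups[0].GroupId' --output text
}
create_permission_set() {   # $1 = instance ARN; prints the new permission set ARN
    aws sso-admin create-permission-set --instance-arn "$1" \
        --name "$PERMISSION_SET_NAME" --session-duration "$SESSION_DURATION" \
        --query 'PermissionSet.PermissionSetArn' --output text
}

provision_access() {
    plan=$(plan_assignments "$ACCOUNT_IDS")        # validate before any AWS call
    inst=$(instance_arn)
    store=$(identity_store_id)
    gid=$(group_id "$store" "$IDP_GROUP_NAME")
    [ "$gid" != "None" ] || { echo "group $IDP_GROUP_NAME not found; check SCIM sync" >&2; return 1; }
    ps_arn=$(create_permission_set "$inst")
    aws sso-admin attach-managed-policy-to-permission-set --instance-arn "$inst" \
        --permission-set-arn "$ps_arn" --managed-policy-arn "$MANAGED_POLICY_ARN"
    # One assignment per member account: Identity Center creates the matching IAM role
    # in that account, and the group's members then see it in the access portal.
    echo "$plan" | while IFS="$(printf '\t')" read -r acct _ps _grp; do
        aws sso-admin create-account-assignment --instance-arn "$inst" \
            --target-type AWS_ACCOUNT --target-id "$acct" \
            --permission-set-arn "$ps_arn" \
            --principal-type GROUP --principal-id "$gid"
    done
}

# Run the AWS-side provisioning only when explicitly requested, so the file can be
# checked without credentials; otherwise just print the validated plan.
if [ "${RUN_IDENTITY_CENTER_PROVISION:-0}" = "1" ]; then
    provision_access
else
    plan_assignments "$ACCOUNT_IDS"
fi
```

Run it as-is to see the assignment plan; set `RUN_IDENTITY_CENTER_PROVISION=1` with management-account credentials to apply it. The group lookup failing with `None` is the usual first symptom of a SCIM sync that has not pushed the group yet, which is why the script checks it before creating anything.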