AWS Certified SysOps Administrator – Associate — Question 370
A company that uses AWS Organizations recently implemented AWS Control Tower. The company now needs to centralize identity management. A SysOps administrator must federate AWS IAM Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all the company's accounts and cloud applications.
Which prerequisites must the SysOps administrator have so that the SysOps administrator can connect to the external IdP? (Choose two.)
Answer options
- A. A copy of the IAM Identity Center SAML metadata
- B. The IdP metadata, including the public X.509 certificate
- C. The IP address of the IdP
- D. Root access to the management account
- E. Administrative permissions to the member accounts of the organization
Correct answer: A, B
Explanation
Federating AWS IAM Identity Center with an external SAML 2.0 IdP means establishing a two-way trust, and that trust is built by exchanging SAML metadata. The administrator downloads the IAM Identity Center SAML metadata (which carries the Identity Center issuer/entity ID, Assertion Consumer Service URL and signing certificate) and loads it into the IdP, and then uploads the IdP's metadata into Identity Center; the IdP metadata includes the IdP entity ID, its single sign-on endpoint and the public X.509 certificate that Identity Center uses to verify the signature on incoming SAML assertions. Because the trust is anchored on entity IDs, endpoint URLs and certificates, the IdP's IP address is irrelevant (and would change behind a load balancer anyway). Root access to the management account is not needed; the change is made in the account that administers Identity Center (the management account or its delegated administrator) with ordinary IAM permissions, and no member-account permissions are required because Identity Center pushes access to member accounts through permission sets. Note that federation only delegates authentication: the users and groups that receive permission sets still have to exist in Identity Center, either provisioned automatically via SCIM or created manually.