Q: 6
A company that has multiple AWS accounts maintains an on-premises Microsoft Active Directory. The company needs a solution to implement Single Sign-On for its employees. The company wants to use AWS IAM Identity Center.
The solution must meet the following requirements:
Allow users to access AWS accounts and third-party applications by using existing Active Directory credentials.
Enforce multi-factor authentication (MFA) to access AWS accounts.
Centrally manage permissions to access AWS accounts and applications.
Options:
Discussion
Call it C since it hooks IAM Identity Center right into the existing on-prem AD, so users keep their credentials and you still enforce MFA. B seems close but spins up a new Managed AD which isn't reusing their current setup, so not sure it's what they want. Agree?
Maybe C. Had something like this in a mock and the key is integrating existing on-prem AD directly with IAM Identity Center for SSO and MFA. B creates a new directory so doesn't fit. Anyone see this worded a bit differently?
C or B here. With B, you'd set up AWS Managed AD and tie IAM Identity Center to that, which seems like it should work for SSO and MFA. But I'm not 100% sure it would let users sign in with their existing on-prem AD credentials without more setup. Can anybody confirm whether direct integration (option C) is needed, or whether Managed AD will do the trick?
Yeah, for the direct integration and central MFA, C.
Probably C
Option D doesn't seem right here; there's no need for Lambda just to sync users and enforce MFA. I think C is the straightforward choice since it lets IAM Identity Center hook directly into the existing AD and does MFA. B is a bit of a trap, as Managed AD means a new directory, not the existing one.