Which action will resolve this access issue?

By:
In: SOA-C02
Tagged:
With: 1 Comment
A company’s SysOps administrator uses AWS IAM Identity Center (AWS Single Sign-On) to connect to an Active Directory.The SysOps administrator creates a new account that all the company’s users need to access.The SysOps administrator uses the Active Directory Domain Users group for permissions to the new account because all users are already members of the group.When users try to log in, their access is denied.

Which action will resolve this access issue?

Create a new group. Add users to the new group to provide access.

Correct the time on the Active Directory domain controllers.

Remove the account. Re-add the account to the organization that is integrated with IAM Identity Center.

Correct the permissions on the Active Directory group so that IAM Identity Center has read access.

Explanations:

Creating a new group and adding users will not resolve the issue unless the permissions are correct in the existing group.

The time on the Active Directory domain controllers may affect authentication, but this is not directly related to the issue of access denial via IAM Identity Center.

Removing and re-adding the account does not address the underlying issue of permissions on the Active Directory group.

IAM Identity Center needs read access to the Active Directory group. Correcting the permissions ensures IAM Identity Center can properly access and validate user membership for authentication.

2025-10-08

1 Comment

  1. Judith
    Author

    I categorize that the answer is:
    Correct the permissions on the Active Directory group so that IAM Identity Center has read access.

Leave a Reply

Your email address will not be published. Required fields are marked *

2 × 1 =