Which AWS service will meet this requirement?
AWS Directory Service
Amazon Cognito
AWS IAM Identity Center
AWS Resource Access Manager (AWS RAM)
Explanations:
AWS Directory Service is primarily used to set up a directory in the AWS Cloud to manage user access to AWS resources, but it does not directly support integration with third-party identity providers (IdPs) for seamless single sign-on (SSO) without additional credentials.
Amazon Cognito provides user sign-up, sign-in, and access control, but it is mainly focused on mobile and web applications for user authentication. It is not designed specifically for integrating third-party IdPs for enterprise access management in AWS environments.
AWS IAM Identity Center (formerly AWS Single Sign-On) allows organizations to manage SSO access to AWS accounts and applications using a third-party IdP. It enables employees to access AWS services without needing separate AWS credentials, making it the best fit for the requirement.
AWS Resource Access Manager (AWS RAM) is used to share AWS resources between accounts but does not handle user authentication or provide access management features related to identity providers.