Which combination of actions should a solutions architect recommend to meet these requirements?
(Choose two.)
Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.
Set up an Amazon Cognito identity pool. Configure AWS IAM Identity Center (AWS Single Sign-On) to accept Amazon Cognito authentication.
Configure a service control policy (SCP) to manage the AWS accounts. Add AWS IAM Identity Center (AWS Single Sign-On) to AWS Directory Service.
Create a new organization in AWS Organizations. Configure the organization’s authentication mechanism to use AWS Directory Service directly.
Set up AWS IAM Identity Center (AWS Single Sign-On) in the organization. Configure IAM Identity Center, and integrate it with the company’s corporate directory service.
Explanations:
Creating a new organization in AWS Organizations with all features turned on allows for consolidated billing, governance, and management of multiple AWS accounts. This provides a framework to create and manage the new AWS accounts for different business units effectively.
While Amazon Cognito can provide user authentication, it does not directly integrate with AWS IAM Identity Center (AWS Single Sign-On) for managing access across multiple AWS accounts in a multi-account architecture. The requirements focus on centralizing authentication using a corporate directory service, which is better handled by AWS IAM Identity Center.
Service control policies (SCPs) manage the permissions available to accounts in an organization, but they do not perform authentication. AWS IAM Identity Center is the better fit for integrating with the corporate directory service for user authentication, and AWS Directory Service provides domain and directory services rather than managing user authentication for AWS accounts on its own.
AWS Organizations has no mechanism to use AWS Directory Service directly for authentication. Instead, IAM Identity Center is designed to work with directory services to provide centralized authentication across multiple AWS accounts.
Setting up AWS IAM Identity Center (AWS Single Sign-On) and integrating it with the corporate directory service allows for centralized authentication management across the AWS accounts in the organization. This aligns with the requirement to authenticate access using a corporate directory.