Which option below will meet the needs for your NOC members?
Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to the AWS Management Console.
Use web identity federation to retrieve AWS temporary security credentials to enable your NOC members to sign in to the AWS Management Console.
Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant the NOC members federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.
Use your on-premises SAML 2.0-compliant identity provider (IDP) to retrieve temporary security credentials to enable NOC members to sign in to the AWS Management Console.
Explanations:
OAuth 2.0 is primarily used for authorizing access to resources but does not directly provide a method for signing into the AWS Management Console with temporary AWS security credentials.
Web Identity Federation allows users to authenticate with an identity provider like Google or Facebook but does not apply to on-premises identity scenarios and would not meet the needs of NOC members using an internal identity system.
Using a SAML 2.0-compliant IDP for federated access allows NOC members to sign in to the AWS Management Console via AWS SSO, enabling seamless access without needing to create separate IAM users.
While SAML 2.0 can retrieve temporary credentials, it does not directly allow sign-in to the AWS Management Console without an intermediary, like AWS SSO, which provides a better user experience and management capability.