Which solution will meet these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company is migrating applications to AWS.The applications are deployed in different accounts.The company manages the accounts centrally by using AWS Organizations.The company’s security team needs a single sign-on (SSO) solution across all the company’s accounts.The company must continue managing the users and groups in its on-premises self-managed Microsoft Active Directory.

Which solution will meet these requirements?

Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a one-way forest trust or a one-way domain trust to connect the company’s self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory.

Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console. Create a two-way forest trust to connect the company’s self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory.

Use AWS Directory Service. Create a two-way trust relationship with the company’s self-managed Microsoft Active Directory.

Deploy an identity provider (IdP) on premises. Enable AWS Single Sign-On (AWS SSO) from the AWS SSO console.

Explanations:

A one-way trust does not allow for bi-directional authentication, which is necessary for full SSO capabilities across accounts.

A two-way forest trust allows for full integration between the on-premises Active Directory and AWS SSO, enabling seamless SSO across multiple AWS accounts.

While a two-way trust is necessary, simply using AWS Directory Service without configuring AWS SSO does not fulfill the requirement for SSO across accounts.

Deploying an on-premises IdP can provide SSO, but it does not utilize AWS SSO, which is explicitly required in the scenario.

Leave a Reply

Your email address will not be published. Required fields are marked *

sixteen + eleven =