Q76 — AWS SCS-C02 Ch.1

Question 76 of 100, Chapter 1

A company is planning to create an organization by using AWS Organizations. The company needs to integrate user management with the company’s external identity provider (IdP). The company also needs to centrally manage access to all of its AWS accounts and applications from the organization’s management account. Which solution will meet these requirements?

Correct Answer: B. Enable AWS IAM Identity Center and use the external IdP as the identity source. Create permission sets and account assignments by using IAM Identity Center.

Explanation

In a scenario that combines AWS Organizations with an external identity provider (IdP) and centralized access management, the correct solution must draw on AWS identity services. AWS documentation states that IAM Identity Center (formerly AWS Single Sign-On) is designed specifically for centrally managing access across multiple accounts and applications, and that it supports an external IdP as its identity source. Option B enables IAM Identity Center with the external IdP as the identity source, uses permission sets to define access policies, and assigns those permission sets to accounts, which satisfies the requirement for unified management. The other options, such as AWS Directory Service, direct IAM integration, or Amazon Cognito, do not meet the core requirement of integrating an external IdP while centrally controlling access to multiple accounts. Option B is correct.