Your company decided to create AWS Account and start moving some workloads to the cloud. The security team would like to utilize the existing identity and access management system which is based on Active Directory to manage access to the new AWS Account. For that reason you decided to use SAML federation to allow users in local identity and access management system access to AWS Services.
Which of the following are primary components in SAML Federation configuration for the new AWS account? (Choose 2 answers)
Explanation
To enable SAML-Based federation for AWS Account, the following actions are required
1- Inside your organization’s network, you configure your identity store (such as Windows Active Directory) to work with a SAML-based identity provider (IdP) like Windows Active Directory Federation Services
2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization’s identity provider.
3- You also need to create roles that will map to allowed groups in company’s identity store, members of these groups will be presented with set of roles that map to their group membership to choose which role they would like to assume while logging in to AWS console
Explanation
To enable SAML-Based federation for AWS Account, the following actions are required
1- Inside your organization’s network, you configure your identity store (such as Windows Active Directory) to work with a SAML-based identity provider (IdP) like Windows Active Directory Federation Services
2- In IAM, create a new SAML provider, which is an entity in IAM that holds information about your organization’s identity provider.
3- You also need to create roles that will map to allowed groups in company’s identity store, members of these groups will be presented with set of roles that map to their group membership to choose which role they would like to assume while logging in to AWS console