A company needs to use its on-premises LDAP directory to authenticate users to the AWS Management Console, but the directory service is not SAML-compatible. Which solution meets this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Develop an on-premises custom identity broker application or process that uses AWS Security Token Service (AWS STS) to get short-lived credentials..
Why this is the answer
Since the on-premises LDAP is not SAML-compatible, a custom identity broker is necessary. This broker acts as an intermediary, authenticating users against the LDAP directory. Upon successful authentication, the broker uses AWS Security Token Service (STS) to assume an IAM role and obtain temporary, short-lived AWS credentials. These credentials can then be used to access the AWS Management Console. AWS IAM Identity Center (AWS Single Sign-On) requires a SAML 2.0-compatible identity
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed