
Answer-first summary for fast verification
Answer: Enable AWS SSO and establish a one-way trust between the self-managed Active Directory and AWS SSO using AWS Directory Service.
The correct answer is A. Enabling AWS Single Sign-On (AWS SSO) from the AWS SSO console and creating a one-way forest trust or a one-way domain trust to connect the company's self-managed Microsoft Active Directory with AWS SSO by using AWS Directory Service for Microsoft Active Directory meets the requirements. This setup allows the company to utilize its existing Active Directory for user and group management while integrating SSO across all its AWS accounts managed via AWS Organizations. Options B and C suggest a two-way trust, which is not necessary in this scenario. Option D involves deploying an on-premises identity provider, which adds unnecessary complexity.
Author: LeetQuiz Editorial Team
A company using AWS Organizations for account management is migrating applications across different accounts and requires a single sign-on (SSO) solution. The SSO must integrate with the company's existing on-premises Microsoft Active Directory, which will continue to manage users and groups. What is the appropriate solution?
A. Enable AWS SSO and establish a one-way trust between the self-managed Active Directory and AWS SSO using AWS Directory Service.
B. Enable AWS SSO and create a two-way forest trust between the self-managed Active Directory and AWS SSO using AWS Directory Service.
C. Utilize AWS Directory Service to establish a two-way trust with the self-managed Active Directory.
D. Implement an on-premises identity provider and enable AWS SSO for integration.