
Explanation:
To federate AWS IAM Identity Center (formerly AWS SSO) with an external SAML 2.0 identity provider (IdP), a mutual trust must be established. This requires the SysOps administrator to provide the IAM Identity Center SAML metadata to the external IdP, and conversely, provide the external IdP's metadata (which contains the public X.509 certificate used for validation) to IAM Identity Center.
Question 49

A company that uses AWS Organizations recently implemented AWS Control Tower. The company now needs to centralize identity management. A SysOps administrator must federate AWS IAM Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all the company's accounts and cloud applications. Which prerequisites must the SysOps administrator have so that the SysOps administrator can connect to the external IdP? (Choose two.)

A. A copy of the IAM Identity Center SAML metadata
B. The IdP metadata, including the public X.509 certificate
C. The IP address of the IdP
D. Root access to the management account
E. Administrative permissions to the member accounts of the organization