Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 170 discussion

B. AWS Cognito is correct answer. The user wants to login to THIRD PARTY APPLICATION Not to AWS SERVICES. Definition of Cognito - Amazon Cognito supports authentication with identity providers (IdPs) through Security Assertion Markup Language 2.0 (SAML 2.0). You can use an IdP that supports SAML with Amazon Cognito to provide a simple onboarding flow for your users. Support page - https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html

Cognito allows access by utilizing 3rd party identity provider. Providers include google, Amazon, Facebook. SAML 2.0 PROVIDERS, MICOROSFT Active Directory

https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-applications.html

C. AWS IAM Identity Center (AWS Single Sign-On) Explanation: AWS IAM Identity Center (previously AWS Single Sign-On) is designed to provide a central authentication portal for users to access multiple third-party business applications that support SAML 2.0. It allows organizations to manage user identities and permissions centrally while enabling seamless single sign-on (SSO) to various applications. Why not the other options? A. AWS Identity and Access Management (IAM) → IAM is mainly used to manage AWS resources and permissions, not third-party SAML-based authentication. B. Amazon Cognito → Cognito is used for user authentication in custom web and mobile apps, but it is not optimized for central SSO to third-party SAML apps. D. AWS CLI → The AWS CLI is a command-line tool for managing AWS resources and does not provide a user login portal. ChatGPT

ANSWER : C. AWS IAM Identity Center (AWS Single Sign-On) Explanation: AWS IAM Identity Center (formerly AWS Single Sign-On) is designed to provide a centralized user portal for users to log in and access multiple third-party business applications that support SAML 2.0. It allows organizations to manage user authentication and authorization efficiently across various applications, including AWS accounts, SAML-based applications, and SaaS providers.

Its Option c

AWS IAM Identity Center (formerly AWS Single Sign-On) is a service that enables users to access multiple business applications, including third-party applications that support Security Assertion Markup Language (SAML) 2.0, from a central portal. With AWS IAM Identity Center, you can configure single sign-on (SSO) for both AWS applications and third-party SAML-compatible applications, allowing users to log in once and seamlessly access all connected applications.

AWS IAM Identity Center (AWS SSO) provides a centralized user portal for accessing various applications, including third-party business applications, and supports SAML 2.0 for single sign-on (SSO). It enables users to log in once to the AWS SSO portal and access a variety of SAML-based applications without needing to log in separately to each one. AWS SSO integrates with existing identity providers or can manage user identities natively, making it an ideal solution for managing access to multiple SAML-supported applications.

AWS IAM Identity Center (AWS Single Sign-On) provides a central user portal for single sign-on access to multiple AWS accounts, business applications, and third-party services that support SAML 2.0. It is specifically designed to simplify user access management and enables seamless integration with SAML-enabled applications. B. Amazon Cognito: While Cognito supports user authentication and federation, it is better suited for custom-built apps and not a centralized SSO solution for multiple third-party apps.

B as Amazon Cognito does NOT provide a central user portal

read up on it again

B. Amazon Cognito

Amazon Web Services (AWS) IAM Identity Center is a cloud-based service that allows users to sign in to AWS accounts and third-party applications using a central user portal:

Amazon Cognito is correct. It's a managed service that enables you to handle authentication and aspects of authorization for your custom web and mobile applications through AWS. You provide users with IAM-equivalent permissions, without granting them full IAM access.

AWS IAM Identity Center (formerly AWS Single Sign-On) is a service that simplifies the management of user identities and access across multiple AWS accounts and applications. The key is AWS accounts and applications. AWS Cognito is not specific to AWS, and provides Third Party and SAML support

B. AWS Cognito is a correct answer

on single portal for all account SAML2.0 Third party application access.