Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 170 discussion

B. AWS Cognito is correct answer. The user wants to login to THIRD PARTY APPLICATION Not to AWS SERVICES. Definition of Cognito - Amazon Cognito supports authentication with identity providers (IdPs) through Security Assertion Markup Language 2.0 (SAML 2.0). You can use an IdP that supports SAML with Amazon Cognito to provide a simple onboarding flow for your users. Support page - https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html

Cognito allows access by utilizing 3rd party identity provider. Providers include google, Amazon, Facebook. SAML 2.0 PROVIDERS, MICOROSFT Active Directory

Its Option c

AWS IAM Identity Center (formerly AWS Single Sign-On) is a service that enables users to access multiple business applications, including third-party applications that support Security Assertion Markup Language (SAML) 2.0, from a central portal. With AWS IAM Identity Center, you can configure single sign-on (SSO) for both AWS applications and third-party SAML-compatible applications, allowing users to log in once and seamlessly access all connected applications.

AWS IAM Identity Center (AWS SSO) provides a centralized user portal for accessing various applications, including third-party business applications, and supports SAML 2.0 for single sign-on (SSO). It enables users to log in once to the AWS SSO portal and access a variety of SAML-based applications without needing to log in separately to each one. AWS SSO integrates with existing identity providers or can manage user identities natively, making it an ideal solution for managing access to multiple SAML-supported applications.

AWS IAM Identity Center (AWS Single Sign-On) provides a central user portal for single sign-on access to multiple AWS accounts, business applications, and third-party services that support SAML 2.0. It is specifically designed to simplify user access management and enables seamless integration with SAML-enabled applications. B. Amazon Cognito: While Cognito supports user authentication and federation, it is better suited for custom-built apps and not a centralized SSO solution for multiple third-party apps.

B as Amazon Cognito does NOT provide a central user portal

read up on it again

B. Amazon Cognito

Amazon Web Services (AWS) IAM Identity Center is a cloud-based service that allows users to sign in to AWS accounts and third-party applications using a central user portal:

Amazon Cognito is correct. It's a managed service that enables you to handle authentication and aspects of authorization for your custom web and mobile applications through AWS. You provide users with IAM-equivalent permissions, without granting them full IAM access.

AWS IAM Identity Center (formerly AWS Single Sign-On) is a service that simplifies the management of user identities and access across multiple AWS accounts and applications. The key is AWS accounts and applications. AWS Cognito is not specific to AWS, and provides Third Party and SAML support

B. AWS Cognito is a correct answer

on single portal for all account SAML2.0 Third party application access.

A company needs a central user portal --> AWS IAM identity center

Based on copilot: "To meet the requirement of providing a central user portal for logging into third-party business applications that support SAML 2.0, the appropriate AWS service is AWS IAM Identity Center (AWS Single Sign-On). This service allows users to access multiple applications with a single set of credentials, simplifying the login process and enhancing security. Amazon Cognito, on the other hand, is primarily used for user authentication and management for web and mobile apps, but it does not provide the same centralized SSO capabilities for third-party SAML applications as AWS IAM Identity Center does."

The correct answer is: C. AWS IAM Identity Center (AWS Single Sign-On) Explanation: AWS IAM Identity Center (formerly AWS Single Sign-On) is a service that enables users to access multiple business applications, including third-party applications that support Security Assertion Markup Language (SAML) 2.0, from a central portal. With AWS IAM Identity Center, you can configure single sign-on (SSO) for both AWS applications and third-party SAML-compatible applications, allowing users to log in once and seamlessly access all connected applications. AWS IAM Identity Center (AWS Single Sign-On) is the ideal service to set up a centralized user portal for logging into third-party applications using SAML 2.0.