Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 826 discussion

AWS IAM Identity Center (formerly AWS SSO): Provides SSO across multiple AWS accounts in an organization. By configuring a 2-way forest trust relationship between the on-premises AD and MAD, IAM Identity Center can integrate seamlessly with the existing AD to manage authentication and authorization, allowing the company to retain its existing on-premises AD as the primary identity source while extending to AWS. A - This creates a separate directory in AWS, requiring migration of users and groups, which fails to continue using the on-premises AD. C - IAM Identity Center is still needed for SSO (single sign-on) functionality. D - OK but so much overhead.

why C is out?

"continue to manage users and groups that are in the on-premises Active Directory" I go for B

AnswerB AWS Directory Service lets you run Microsoft Active Directory (AD) as a managed service. AWS Directory Service for Microsoft Active Directory, also referred to as AWS Managed Microsoft AD, is powered by Windows Server 2019. With AWS Managed Microsoft AD, you can run directory-aware workloads in the AWS Cloud, including Microsoft SharePoint and custom .NET and SQL Server-based applications. You can also configure a trust relationship between AWS Managed Microsoft AD in the AWS Cloud and your existing on-premises Microsoft Active Directory, providing users and groups with access to resources in either domain, using AWS IAM Identity Center. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html

Same with Q-28