AWS Single Sign-On is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage SSO access to all of your AWS accounts and cloud applications.
AWS SSO also helps manage access and permissions to commonly used third-party software as a service (SaaS) applications, AWS SSO-integrated applications, and custom applications that support SAML 2.0.
AWS SSO includes a user portal where end users can find and access all their assigned AWS accounts, cloud applications, and custom applications in one place.
AWS SSO Features
AWS Organizations Integration
Natively integrates with AWS Organizations and enumerates all the AWS accounts.
SSO access to AWS accounts and cloud applications
Helps manage Single Sign-On across all the AWS accounts, cloud applications, AWS SSO-integrated applications, and custom SAML 2.0–based applications, without custom scripts or third-party SSO solutions.
Create and manage users and groups in AWS SSO
Provides a default store to manage the users and groups directly in the console.
It also connects to an existing AWS Managed Microsoft AD directory and manages the users with standard Active Directory management tools provided in Windows Server.
Leverage your existing corporate identities
Is integrated with Microsoft AD through the AWS Directory Service, allowing users to sign in to the AWS Single Sign-On user portal with their corporate Active Directory credentials.
Compatible with commonly used cloud applications
Supports commonly used cloud applications such as Salesforce, Box, and Office 365.
Easy to set up and monitor usage
Is quick to set up and highly available, and provides a completely secure infrastructure that scales to your needs and requires no software or hardware to manage.
Integrates with AWS CloudTrail, providing the visibility to monitor and audit Single Sign-On activity in one place.
Co-exists with existing IAM users, roles, and policies
Has no impact on the users, roles, or policies that are already managed in IAM.
No-cost identity management
Available at no additional cost.
AWS SSO Identity Source
AWS SSO identity store
Provides a default store to create and manage the users and groups, and assign their level of access to the AWS accounts and applications.
Supports self-managed Active Directory (AD) or AWS Managed Microsoft AD directory using AWS Directory Service.
External identity provider
Supports external identity providers (IdP) such as Okta or Azure AD.
AWS Certification Exam Practice Questions
Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
Open to further feedback, discussion and correction.
Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console?