Question #889
A company requires a centralized authentication system enabling external partners to securely access multiple third-party enterprise applications that use Security Assertion Markup Language (SAML) 2.0. Which AWS service should be implemented to achieve this?
A. AWS Identity and Access Management (IAM)
B. Amazon Cognito
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS CLI
Explanation
Amazon Cognito is designed for managing external identities (e.g., partners, customers) and supports SAML 2.0 federation. It allows the company to create a user pool or integrate with partners' existing identity providers (IdPs). Cognito acts as an identity broker, issuing SAML assertions to third-party applications after authentication. This makes it ideal for enabling external partners to securely access multiple SAML-based applications.
AWS IAM Identity Center (C) is primarily for workforce SSO (employees/contractors) accessing AWS accounts and integrated SaaS apps, not external partners. AWS IAM (A) manages AWS resource access, not third-party app authentication. AWS CLI (D) is a command-line tool unrelated to authentication. Cognito's focus on external identities and SAML federation aligns with the scenario's requirements.
Answer
The correct answer is: B