AWS Certified Cloud Practitioner / Question #595 of 719

Question #595

A company wants to manage access and permissions for its third-party software as a service (SaaS) applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications.

Which AWS service should the company use to meet these requirements?

- A. Amazon Cognito
- B. AWS IAM Identity Center (AWS Single Sign-On)
- C. AWS Identity and Access Management (IAM)
- D. AWS Directory Service for Microsoft Active Directory

Explanation

The correct answer is B. AWS IAM Identity Center (AWS Single Sign-On). This service is designed specifically to manage access to AWS resources and third-party SaaS applications through a single portal. It allows permissions to be managed centrally and gives end users an easy way to access all assigned accounts and applications without multiple logins, which meets the company's requirement to manage access and permissions for its SaaS applications.

Why the other options are incorrect:
- A. Amazon Cognito: While Amazon Cognito provides authentication and user management for mobile and web applications, it is not specifically tailored for managing access and permissions across multiple AWS accounts and SaaS applications in a centralized way. It’s more focused on user sign-up and sign-in capabilities for standalone applications rather than organizational access management.
- C. AWS Identity and Access Management (IAM): IAM is mostly used for managing permissions and access for AWS resources on a per-identity basis within an AWS account. It lacks the centralized user portal necessary for managing access across multiple AWS accounts and third-party applications efficiently.
- D. AWS Directory Service for Microsoft Active Directory: This service allows the integration of Microsoft Active Directory with AWS and is useful for managing user identities within AWS. However, it does not inherently provide a user portal for end users to access different SaaS applications and AWS accounts in the same unified experience as AWS IAM Identity Center.

Key Points to Remember:
- AWS IAM Identity Center (AWS Single Sign-On) is ideal for user access management across different AWS accounts and SaaS applications with a centralized portal.
- Other AWS services like Amazon Cognito and IAM have specific use cases that do not meet the comprehensive requirements outlined in the question.

Answer

The correct answer is: B