Learn how to automate AWS IAM access for your employees using your existing Active Directory system with SCIM protocol. Implement automatic provisioning and deprovisioning of users and groups for improved security and efficiency.
Question
A company manually provisions IAM access for its employees. The company wants to replace the manual process with an automated process. The company has an existing Active Directory system configured with an external SAML 2.0 identity provider (IdP).
The company wants employees to use their existing corporate credentials to access AWS. The groups from the existing Active Directory system must be available for permission management in AWS Identity and Access Management (IAM). A DevOps engineer has completed the initial configuration of AWS IAM Identity Center (AWS Single Sign-On) in the company’s AWS account.
What should the DevOps engineer do next to meet the requirements?
A. Configure an external IdP as an identity source. Configure automatic provisioning of users and groups by using the SCIM protocol.
B. Configure AWS Directory Service as an identity source. Configure automatic provisioning of users and groups by using the SAML protocol.
C. Configure an AD Connector as an identity source. Configure automatic provisioning of users and groups by using the SCIM protocol.
D. Configure an external IdP as an identity source. Configure automatic provisioning of users and groups by using the SAML protocol.
Answer
A. Configure an external IdP as an identity source. Configure automatic provisioning of users and groups by using the SCIM protocol.
Explanation
The company wants to keep its existing Active Directory system, which is already federated through an external SAML 2.0 IdP, as the source of identities for AWS. The DevOps engineer should therefore configure that external IdP as the identity source in AWS IAM Identity Center. Employees then authenticate with their existing corporate credentials, and the Active Directory groups become available for permission management in AWS.
To meet the provisioning requirement, the DevOps engineer should configure automatic provisioning of users and groups by using the SCIM protocol. SCIM (System for Cross-domain Identity Management) is a standard protocol for automating the provisioning and deprovisioning of digital identities across systems and organizations. With SCIM enabled, users and groups in IAM Identity Center are created, updated, and removed automatically as changes are made in the Active Directory system, so leavers lose access without a manual step. SAML 2.0 handles authentication only and does not provision or deprovision identities, which is why options B and D do not meet the requirement; AWS Directory Service and AD Connector (options B and C) are also not the existing external IdP the company already uses.
Amazon AWS Certified DevOps Engineer – Professional DOP-C02 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free, helpful to pass the Amazon AWS Certified DevOps Engineer – Professional DOP-C02 exam and earn the Amazon AWS Certified DevOps Engineer – Professional DOP-C02 certification.