🔥 3-day streak
AWS Certified Solutions Architect - Professional80 / 186
Question 80 of 186

A large enterprise has adopted AWS Organizations with IAM Identity Center for workforce access across 40 member accounts. The company's HR system is the source of truth for employees and uses Okta as its corporate identity provider. Security requires that when an employee changes departments or leaves the company, their AWS access is automatically updated or revoked without any manual action by cloud administrators. Group memberships defined in Okta must drive which permission sets users receive. Which approach meets these requirements with the least ongoing operational overhead?

Reviewed for accuracy · Report an issueNext question