🔥 3-day streak
AWS Certified Solutions Architect - Professional85 / 186
Question 85 of 186
A global enterprise uses AWS IAM Identity Center federated with an external SAML identity provider to grant workforce users access across 200 accounts in AWS Organizations. Security requires that developers accessing the production OU can hold their federated console and CLI sessions for no more than 1 hour before reauthentication, while the same developers accessing the sandbox OU may keep sessions for up to 12 hours. Both groups of accounts are assigned using the same permission set today. The team wants the least-effort, centrally managed solution that enforces the differing session lifetimes without creating separate identity providers. What should the solution architect recommend?
Reviewed for accuracy · Report an issueNext question