🔥 3-day streak
AWS Certified Security - Specialty76 / 184
Question 76 of 184

A company with 40 AWS accounts under AWS Organizations currently uses direct SAML 2.0 federation, configuring an individual SAML identity provider and set of IAM roles in each member account. Administrators complain that onboarding a new account requires manually replicating dozens of IAM roles and trust configurations, and that access reviews are difficult because entitlements are scattered across accounts. The security team wants a solution that centralizes workforce access assignment, integrates with their existing external SAML IdP, and minimizes per-account IAM role maintenance. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question