Amazon Exam SOA-C02 Topic 7 Question 101 Discussion

Actual exam question for Amazon's SOA-C02 exam
Question #: 101
Topic #: 7

A company that uses AWS Organizations recently implemented AWS Control Tower. The company now needs to centralize identity management. A SysOps administrator must federate AWS IAM Identity Center with an external SAML 2.0 identity provider (IdP) to centrally manage access to all the company's accounts and cloud applications.

Which prerequisites must the SysOps administrator have so that the SysOps administrator can connect to the external IdP? (Select TWO.)

Suggested Answer: A, B

IAM Identity Center SAML Metadata:

This metadata is required to establish the trust relationship between AWS IAM Identity Center and the external SAML 2.0 identity provider.

Steps:

Download the IAM Identity Center SAML metadata from the AWS Management Console.

Provide this metadata to the external IdP.

IdP Metadata:

The metadata from the IdP, including the public X.509 certificate, is needed to configure the trust relationship.

Steps:

Obtain the IdP metadata, which includes the entity ID, endpoints, and X.509 certificate.

Configure the IAM Identity Center with this information.


Contribute your Thoughts:

Kerry
2 months ago
I'm not sure about the IP address of the IdP. Do we really need that for federating AWS IAM Identity Center?
upvoted 0 times
...
Xuan
2 months ago
I agree with Elouise. Those are essential for connecting to the external IdP and centralizing identity management.
upvoted 0 times
...
Long
3 months ago
Alright, time to put on my detective hat. The SysOps admin needs the IdP metadata and the public X.509 certificate. Easy peasy, lemon squeezy!
upvoted 0 times
...
Sylvie
3 months ago
I bet the person who wrote this question was having a bad day. 'The IP address of the IdP'? Really? That's like asking for the phone number of the data center.
upvoted 0 times
Jesus
1 month ago
B: I have no idea. Seems like they could have worded this better.
upvoted 0 times
...
Carline
2 months ago
A: Exactly. And why would you need root access to the management account for this?
upvoted 0 times
...
German
2 months ago
B: I know right? It's not like we're going to knock on their door.
upvoted 0 times
...
Tequila
2 months ago
A: Definitely a strange question. Who needs the IP address of the IdP anyway?
upvoted 0 times
...
...
Josephine
3 months ago
To federate AWS IAM Identity Center with an external SAML 2.0 IdP, the SysOps admin needs the IdP metadata and the public X.509 certificate. That's a no-brainer!
upvoted 0 times
Marti
2 months ago
B: And don't forget about the public X.509 certificate!
upvoted 0 times
...
Valentine
3 months ago
A: The SysOps admin definitely needs the IdP metadata.
upvoted 0 times
...
...
Elouise
3 months ago
I think the prerequisites are having a copy of the IAM Identity Center SAML metadata and the IdP metadata with the public X.509 certificate.
upvoted 0 times
...
Mirta
3 months ago
Root access to the management account? What is this, a superhero movie? The SysOps admin just needs the relevant permissions, not the entire kitchen sink!
upvoted 0 times
...
