Inaccurate Explanation re: IAM Identity Center
Neil-TutorialsDojo updated 3 weeks, 3 days ago · 2 Members · 2 Posts
The answer explanation below is misleading. According to AWS Docs, IAM Identity Center is designed to do exactly as the question asks for SAML-compatible applications. I agree that the choice is incorrect since SAML is not available in this scenario, but that is the only reason that choice is incorrect and should be the only explanation given. Saying “AWS IAM Identity Center is designed for centralized identity management and access control” in the explanation is misleading, as that is not relevant to why this answer choice is incorrect (in fact, based on AWS documentation, it would be a correct choice if SAML was available).

Question:
A company needs to integrate the Lightweight Directory Access Protocol (LDAP) directory service from the on-premises data center to the AWS VPC using IAM. The identity store which is currently being used is not compatible with SAML.
Which of the following provides the most valid approach to implement the integration?
And the explanation:

Use AWS IAM Identity Center to manage access between AWS and your LDAP is incorrect because this approach may not align with the scenario’s requirements, as AWS IAM Identity Center is designed for centralized identity management and access control. Additionally, the identity store that you are using is not SAML-compatible.
Hello zzzz,
Good day!
Thank you for bringing this to our attention. Yes, you are right. The AWS IAM Identity Center would be the correct answer if it mentioned that SAML was available.
This option is incorrect because the question states, “The identity store which is currently being used is not compatible with SAML.” IAM Identity Center primarily supports SAML 2.0-based identity providers for external identity store integration. Since SAML is not available in this scenario, the IAM Identity Center cannot be used to integrate the on-premises LDAP with AWS. This is what we intended to convey in the explanation.
We acknowledge that the current explanation is indeed misleading. We will be updating the explanation as soon as possible. It should be reflected in the portal when our admin approves the changes.
Thank you again for bringing this to our attention and helping us improve the quality of our practice exam materials.
Regards,
Neil @ Tutorials Dojo