Free AWS SAP-C02 Actual Exam Questions - Question 14 Discussion
on-premises identity provider (IdP) to authenticate users' access to the AWS environment. When the
solutions architect tests authentication through the federated identity web portal, access to the AWS
environment is granted. However, when test users attempt to authenticate through the federated
identity web portal, they are not able to access the AWS environment.
Which items should the solutions architect check to ensure identity federation is properly configured?
(Select THREE)
Maybe C is worth checking since if test users aren’t in the right IdP group, they won’t get mapped to AWS roles properly. Also, E seems less relevant because AWS doesn’t need to reach the IdP’s DNS for SAML assertions.
Maybe D too, since the portal has to correctly call AssumeRoleWithSAML with the right ARNs and assertion for this to work. Without that step, users won’t get proper role access despite valid tokens.
This one’s tricky, but I’d rule out A since SAML federation uses roles, not individual IAM user policies. F seems solid because the IdP has to map users or groups correctly to roles with permissions. B also looks right since the trust policy of the IAM role must set the SAML provider as the principal for federated access. D makes sense too because the portal needs to call AssumeRoleWithSAML properly to get temporary credentials. I’d skip C and E—they don't seem directly related to AWS access but more about group membership and network reachability which aren’t usually blocking here. So I’m wit
It’s weird that A is mentioned—aren’t IAM users irrelevant here?
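The comments above keep coming back to two artifacts that must agree before AssumeRoleWithSAML succeeds: the IAM role's trust policy (which must name the SAML provider as its federated principal and allow `sts:AssumeRoleWithSAML`) and the `https://aws.amazon.com/SAML/Attributes/Role` attribute the IdP puts in the assertion (a `role-arn,provider-arn` pair). The following is an added checker, not code from the original discussion or from AWS; the account ID, role name and provider name are constructed placeholders, and the audience condition check reflects the `SAML:aud` condition AWS's console-generated trust policy includes. It runs offline against an in-memory trust policy and attribute value, so it can be used to compare the working architect's role mapping with a failing test user's mapping.

```python
"""Offline consistency check between an IAM role trust policy and the
Role attribute carried in a SAML assertion (added example, constructed data)."""
from __future__ import annotations

import json

SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"
ROLE_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/Role"  # attribute name STS reads

# Constructed trust policy; 123456789012 and CorpIdP are placeholders.
TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/CorpIdP"},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
    }],
})


def parse_role_attribute(value: str) -> tuple[str, str]:
    """Split the assertion's 'role-arn,provider-arn' value (STS accepts either order)."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        raise ValueError(f"Role attribute must contain exactly two ARNs: {value!r}")
    role = next((p for p in parts if ":role/" in p), None)
    provider = next((p for p in parts if ":saml-provider/" in p), None)
    if role is None or provider is None:
        raise ValueError(f"Role attribute needs one role ARN and one saml-provider ARN: {value!r}")
    return role, provider


def trust_policy_findings(policy_json: str, provider_arn: str) -> list[str]:
    """Return reasons the trust policy would not let provider_arn assume the role.
    An empty list means a matching Allow statement with the audience condition exists."""
    findings: list[str] = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be written without a list
        statements = [statements]
    matched = False
    for s in statements:
        if s.get("Effect") != "Allow":
            continue
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principals = s.get("Principal", {}).get("Federated", [])
        principals = [principals] if isinstance(principals, str) else principals
        if "sts:AssumeRoleWithSAML" not in actions or provider_arn not in principals:
            continue
        matched = True
        aud = s.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != SAML_AUDIENCE:
            findings.append(f"matching statement lacks the SAML:aud condition for {SAML_AUDIENCE}")
    if not matched:
        findings.append(f"no Allow statement grants sts:AssumeRoleWithSAML to {provider_arn}")
    return findings


def check_federation(role_attribute_value: str, policy_json: str) -> list[str]:
    """Combine both checks for one user's mapping; empty list means the mapping is consistent."""
    role_arn, provider_arn = parse_role_attribute(role_attribute_value)
    findings = trust_policy_findings(policy_json, provider_arn)
    # Role and provider must live in the same account; a cross-account pair is rejected by STS.
    if role_arn.split(":")[4] != provider_arn.split(":")[4]:
        findings.append("role ARN and saml-provider ARN are in different AWS accounts")
    return findings


if __name__ == "__main__":
    # Constructed sample: the working mapping and a test user mapped to an unknown provider.
    good = "arn:aws:iam::123456789012:role/DevAccess,arn:aws:iam::123456789012:saml-provider/CorpIdP"
    bad = "arn:aws:iam::123456789012:role/DevAccess,arn:aws:iam::123456789012:saml-provider/TestIdP"
    for label, value in (("architect", good), ("test user", bad)):
        print(label, check_federation(value, TRUST_POLICY) or "OK")
```

Feeding the Role attribute value that the IdP emits for a test user (visible in the decoded assertion) alongside the role's actual trust policy pinpoints whether the failure is a trust-policy principal mismatch or a bad IdP group-to-role mapping, which is exactly the distinction the commenters are arguing over.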