Identity Center 1

Question 1

High Level

What is IAM IC all about?

Answer 1

Streamline managing how humans access all your company’s AWS accounts

Question 2

High Level

How does it simplify managing humans?

Answer 2

Each AWS account doesn’t have an IAM User for each human - only one in IAM IC

Question 3

High Level

How do I “turn on” Identity Center?

Answer 3

Must use root creds in your account, need Organizations turned on.

Question 4

High Level

What can you configure in IC for your users to access?

important

Answer 4

Both AWS accoucnts and other External Applications

Question 5

High Level

2 highest-level features?

important

Answer 5

Single sign-on to many things from one identity provider; centralized permission management

Question 6

High Level

How much does IC cost?

Answer 6

Free

Question 7

Workforce Identity

Question talking about workplace identity federation, preferred soln?

important

Answer 7

IC (over any other methods like granting IAM Users to everyone)

Question 8

Workforce Identity

Question talking about web identity federation, preferred soln?

important

Answer 8

Not IC! Probably Cognito

Question 9

Workforce Identity

Why prefer IC over other (older) things like SAML federation?

important

Answer 9

IC manages permissions across all AWS accounts and external programs.

Question 10

Workforce Identity

What are workforce identities?

Answer 10

Human users in your company.

Question 11

Workforce Identity

Where do you store workforce identities?

Answer 11

Either on-prem in your own AD, or in Identity Center as users & groups

Question 12

Identity Sources

Three places you can store users and groups?

Answer 12

Inside IC, Active Directory, external Identity Provider (IdP)

Question 13

Identity Sources

Examples of Active Directory?

Answer 13

Refers to AWS-managed AD or AD Connector

Question 14

Identity Sources

Examples of external IdP?

Answer 14

Azure AD, Google Workspace

Question 15

Identity Sources

How do users sign-in if you manage Workforce Identities in IC?

Answer 15

Use the AWS access portal

Question 16

Identity Sources

How do users sign-in if you manage Workforce Identities in IC?

Answer 16

Use the AWS access portal

Question 17

Identity Sources

How do users sign-in if you manage Workforce Identities in an IdP?

Answer 17

Use the IdP’s signin page, and are redirected to the AWS access portal (already logged-in)

Question 18

Identity Sources

High-level how do you use an Identity Source?

Answer 18

Synchronize users and groups from your IS into IAM IC.

Question 19

Identity Sources

Why important to pick your identity source when enabling Identity Center?

Answer 19

Changing later may remove all your current users in Identity Center.

Question 20

Identity Sources

What happens if you switch from internally-managed workforce identities to an external IdP?

Answer 20

Same-named usernames work, others are stranded.

Question 21

Identity Sources

What happens if you switch from one external IdP to another?

Answer 21

If they both send the same SAML assertions and usernames match, all app assignments still work.

Question 22

Identity Sources

What happens if you switch to/from AD and an external IdP?

Answer 22

All workforce identies are deleted from Identity Center.