Certified Security - Specialty


Cognito and Active Directory Federation – Exam Quiz only partly correct?

One of the questions of the "Identity Access Management, S3 & Security Policies Quiz" asks:
"Which of the following can you achieve using Amazon Cognito? (Choose 2)"

The result view lists "Federated access to your web application for Active directory users" as a wrong answer.

I do not believe that this is 100% true.

Recently, I set up Active Directory using AWS Directory Service and connected it to AWS SSO [1].
Then I connected AWS SSO with a Cognito SAML identity provider [2].

Although this configuration (AWS Directory Service -> SSO -> SAML -> Cognito) is not officially documented by AWS, it is a valid solution and contradicts the correct answers to the question above.

What do you think?

[1] https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-directory-connected.html

[2] https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html

3 Answers

Tough one.  More importantly, what do the Amazon exam authors think?

I’ll ticket this to content development to review.

Very interesting.
I need to look into this.

From a training perspective, we like to stick to the official AWS view as that is what the students will be tested on. However, the fact that it works out of the box would seem to make it a valid option, official or not.

My initial thinking is that if I edit the question I would more likely constrain the question rather than accept an unofficial approach.
I am getting some other opinions and then we will change the questions 😉


Moderator & Coach

Martin Löper

Agree that the question actually must not involve Active Directory if its official support in this case is unclear.

Hi Martin,

I’ve had a think about this and, although what you’ve done is technically possible, it may not be a supported scenario. It adds a bit of extra complexity that might make this setup difficult to manage. From an architectural best practice perspective, we should always seek to avoid unnecessary complexity where possible.

I will update the question to refer to ‘best practice’ rather than what is possible!

Hope that helps.
