Connect On-Premises AD with AWS SSO - Best Practices


Question

An engineering firm has recently migrated some of its services to AWS infrastructure.

Users from on-premises AD (Active Directory) need to access AWS resources, business applications and GitHub using AWS SSO.

As a SysOps Administrator, you have been assigned to establish connectivity between on-premises AD and AWS SSO. Which of the following actions are possible to meet this requirement? (Select TWO.)

Answers

Explanations


Correct Answers: C and E.

There are two supported ways to connect on-premises AD to AWS SSO.

Use AD Connector, which forwards all authentication requests from AWS to the on-premises AD where the users are created.

Use AWS Managed Microsoft AD with a two-way trust relationship with on-premises AD.

Options A & B are incorrect as Simple AD is not a valid option for connecting on-premises AD with AWS SSO.

Option D is incorrect as replication between AWS Managed Microsoft AD and on-premises AD is not supported. For more information on connecting on-premises AD with AWS SSO, refer to the following URL:

https://aws.amazon.com/single-sign-on/faqs/


The scenario given is that an engineering firm has migrated some of its services to AWS infrastructure, and users from on-premises AD need to access AWS resources, business applications, and GitHub using AWS SSO. The question asks which actions are possible to establish connectivity between on-premises AD and AWS SSO.

A. Configure Simple AD in AWS with two-way trust relationship with on-premise AD.

This option involves configuring Simple AD in AWS with a two-way trust relationship with the on-premises AD. Simple AD is a Microsoft Active Directory-compatible directory service offered by AWS. When a trust relationship is established between two Active Directory domains, users in one domain can be granted access to resources in the other domain. In this case, the two-way trust relationship would allow on-premises AD users to authenticate with Simple AD and access AWS resources.

B. Configure Simple AD in AWS with replication enabled with on-premise AD.

This option involves configuring Simple AD in AWS with replication enabled with the on-premises AD. Replication allows changes made to the on-premises AD to be automatically synchronized with Simple AD in AWS. This option would allow on-premises AD users to authenticate with Simple AD and access AWS resources.

C. Configure AD Connector to redirect requests to on-premise AD.

AD Connector is a service offered by AWS that allows on-premises AD to be used to authenticate with AWS resources. When AD Connector is configured, users can authenticate with the on-premises AD and access AWS resources without the need for separate AWS credentials. This option would allow on-premises AD users to authenticate with AWS SSO and access AWS resources.

D. Configure AWS Managed Microsoft AD in AWS with replication enabled with on-premise AD.

This option involves configuring AWS Managed Microsoft AD in AWS with replication enabled with the on-premises AD. AWS Managed Microsoft AD is a fully managed Microsoft Active Directory-compatible directory service offered by AWS. Replication allows changes made to the on-premises AD to be automatically synchronized with AWS Managed Microsoft AD in AWS. This option would allow on-premises AD users to authenticate with AWS Managed Microsoft AD and access AWS resources.

E. Configure AWS Managed Microsoft AD in AWS with two-way trust relationship with on-premise AD.

This option involves configuring AWS Managed Microsoft AD in AWS with a two-way trust relationship with the on-premises AD. As mentioned earlier, when a trust relationship is established between two Active Directory domains, users in one domain can be granted access to resources in the other domain. This option would allow on-premises AD users to authenticate with AWS Managed Microsoft AD and access AWS resources.

In summary, options A, B, C, D, and E are all possible solutions for establishing connectivity between on-premises AD and AWS SSO. Options A and B involve using Simple AD in AWS, while options C, D, and E involve using AWS Managed Microsoft AD. Option C uses AD Connector to redirect requests to the on-premises AD, while options A, B, D, and E involve establishing a trust relationship between the on-premises AD and the directory service in AWS.
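The two accepted approaches (option C, AD Connector forwarding to on-premises domain controllers, and option E, a two-way trust from AWS Managed Microsoft AD) expressed as AWS CLI calls, as an added example that is not part of the original page. The helper names, directory IDs, domain names, IPs and passwords are constructed placeholders; Simple AD is refused up front because it cannot participate in a trust, and the trust is checked for the Verified state that AWS SSO needs before it can read users across it.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Real CLI commands:
# `aws ds connect-directory`, `aws ds create-trust`, `aws ds describe-trusts`.
# Set DRY_RUN=1 to print the commands instead of calling AWS.
set -eu

run() { if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi; }

# Option C: AD Connector forwards authentication to the on-premises DCs.
# $1 domain, $2 VPC id, $3 subnet ids (comma-separated), $4 on-premises DNS
# IPs (comma-separated), $5 service account, $6 service account password.
connect_ad_connector() {
  run aws ds connect-directory --name "$1" --size Small --password "$6" \
    --connect-settings "VpcId=$2,SubnetIds=$3,CustomerDnsIps=$4,CustomerUserName=$5"
}

# Option E: two-way forest trust between AWS Managed Microsoft AD and the
# on-premises forest. Only MicrosoftAD supports trusts, so Simple AD
# (options A/B) is rejected. $1 directory type, $2 directory id,
# $3 remote domain, $4 trust password, $5 conditional forwarder IPs.
create_two_way_trust() {
  if [ "$1" != "MicrosoftAD" ]; then
    echo "trusts require MicrosoftAD, got $1" >&2
    return 1
  fi
  run aws ds create-trust --directory-id "$2" --remote-domain-name "$3" \
    --trust-password "$4" --trust-direction Two-Way --trust-type Forest \
    --conditional-forwarder-ip-addrs "$5"
}

# Post-check: the trust must report TrustState Verified before AWS SSO can
# resolve users and groups from the on-premises forest. $1 directory id,
# $2 remote domain.
trust_state() {
  run aws ds describe-trusts --directory-id "$1" \
    --query "Trusts[?RemoteDomainName=='$2'].TrustState" --output text
}
```

Run with `DRY_RUN=1` first to review the exact commands, then rerun against an account whose credentials are scoped to the Directory Service actions used here.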