A company wishes to enable Single Sign-On (SSO). So its employees can log in to the AWS management console using their corporate directory identity. Which of the following step is required as part of the process?

Answer options:

A.Create a Direct Connect connection between the on-premises network and AWS. Use an AD connector for connecting AWS with an on-premises active directory.
B.Create IAM policies that can be mapped to group memberships in the corporate directory.
C.Create a Lambda function to assign IAM roles to the temporary security tokens provided to the users.
D.Create IAM users that can be mapped to the employees’ corporate identities.
E.Create an IAM role that establishes a trust relationship between IAM and the corporate directory identity provider (IdP).

Answer – E
Option A is incorrect. Because a Direct connect connection is not required to access the AWS management console.
Option B is incorrect because IAM policies are not directly mapped to group memberships in the corporate directory. It is IAM roles that are mapped.
Option C is incorrect because Lambda functions is an incorrect option to assign roles.
Option D is incorrect because IAM users are not directly mapped to employees’ corporate identities.
Option E is correct. Establishing the trust relationship between IAM and IdP is one part of the process. This blog walks you through AWS Identity and Access Management (IAM), federated sign-in through Active Directory (AD) and Active Directory Federation Services (ADFS)
https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/
Additional reference link:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html