Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premises LDAP (Lightweight Directory Access Protocol) directory service for single sign-on access to AWS console?

Answer options:

A.Use an IAM policy that references the LDAP account identifiers and the AWS credentials.
B.Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.
C.Use AWS Security Token Service (AWS STS) to issue long-lived AWS credentials.
D.Use IAM roles to rotate the IAM credentials when LDAP credentials are updated automatically.

Answer – B
According to https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_federated-users.html, you can use SAML to provide your users with federated single sign-on (SSO) to the AWS Management Console or federated access to call AWS API operations.
Options A, C and D are all incorrect because all of these options cannot help you to enable single sign-on.