Answer - B.
This is also given in the AWS Documentation.
Amazon Cognito supports authentication with identity providers through Security Assertion Markup Language 2.0 (SAML 2.0).
You can use an identity provider that supports SAML with Amazon Cognito to provide a simple onboarding flow for your users.
Your SAML-supporting identity provider specifies the IAM roles that can be assumed by your users so that different users can be granted different sets of permissions.
Because of what is mentioned in the AWS Documentation, all other options are invalid.
For more information on SAML identity providers, refer to the following URL:
https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html
The correct answer is B. AWS Cognito Identity Pools.
Explanation:
AWS Cognito Identity Pools is a fully managed service that enables developers to create unique identities for their users across multiple identity providers and provides support for Security Assertion Markup Language (SAML) 2.0. This service provides a secure and scalable way to authenticate and manage user access to AWS resources and mobile applications.
AWS STS with IAM (Answer A) is a service that enables users to request temporary security credentials that can be used to access AWS resources. This service can be used in conjunction with IAM (Identity and Access Management) to provide granular access control over AWS resources. However, STS does not provide user management capabilities or support for SAML 2.0 authentication.
AWS Security Pools (Answer C) and AWS IAM Pools (Answer D) are not valid AWS services. Therefore, they are not the correct answer.
In summary, AWS Cognito Identity Pools should be used for user management when implementing SAML 2.0 authentication in a mobile application.
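The first explanation notes that the SAML identity provider specifies the IAM roles users can assume. The added Python example below (not from AWS documentation or the original page) shows how those roles appear in an assertion's `https://aws.amazon.com/SAML/Attributes/Role` attribute and how to check them against an allowlist; the sample assertion, account ID, role names and function names are constructed for illustration, and signature validation is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample assertion fragment (placeholder account ID and names).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::111122223333:role/MobileReadOnly,arn:aws:iam::111122223333:saml-provider/ExampleIdP</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::111122223333:role/MobileAdmin,arn:aws:iam::111122223333:saml-provider/ExampleIdP</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def asserted_roles(assertion_xml):
    """Return [(role_arn, provider_arn)] taken from the AWS Role attribute."""
    root = ET.fromstring(assertion_xml)
    pairs = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            arns = [a.strip() for a in (value.text or "").split(",")]
            # Each value pairs one IAM role ARN with one SAML provider ARN;
            # tell them apart by resource type rather than by position.
            role = next((a for a in arns if ":role/" in a), None)
            provider = next((a for a in arns if ":saml-provider/" in a), None)
            if len(arns) != 2 or not role or not provider:
                raise ValueError(f"malformed Role value: {value.text!r}")
            pairs.append((role, provider))
    return pairs


def unexpected_roles(assertion_xml, allowed_roles, trusted_provider):
    """Roles the IdP asserts that fall outside the allowlist or name another provider."""
    return [role for role, provider in asserted_roles(assertion_xml)
            if role not in allowed_roles or provider != trusted_provider]


if __name__ == "__main__":
    allowed = {"arn:aws:iam::111122223333:role/MobileReadOnly"}
    idp = "arn:aws:iam::111122223333:saml-provider/ExampleIdP"
    print(unexpected_roles(SAMPLE_ASSERTION, allowed, idp))
```

Running a check like this against test assertions from the identity provider shows whether its role mapping grants more than the mobile application is meant to have.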