Comprehensive Detailed Explanation with all AWS References
To provide a single management portal for access and integrate with an external IdP for SSO, AWS IAM Identity Center (formerly AWS Single Sign-On) is the best solution:
AWS IAM Identity Center:
IAM Identity Center provides centralized management of workforce access to all AWS accounts in an AWS Organizations organization: users sign in once through the AWS access portal and assume permission sets (provisioned as IAM roles) in the accounts they have been assigned, so there is one place to grant, review and revoke access.
Supports external IdPs (e.g., Okta, Microsoft Entra ID, formerly Azure AD) as the identity source using SAML 2.0 for authentication and SCIM for automatic user and group provisioning; authentication and MFA are enforced at the IdP, and a user disabled in the IdP loses AWS access without any per-account cleanup.
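The following Terraform configuration is an added example, not part of the original explanation, showing the "centralized management" part of the answer: one group provisioned from the external IdP is mapped to one permission set and assigned to one account. It assumes IAM Identity Center is already enabled in the management account and that the external SAML 2.0 IdP and SCIM provisioning have been configured in the console (those two steps have no public API, so they are not expressed in code). The group name `cloud-readonly`, the account ID and the permission set name are placeholders.

```hcl
# Added example (not from the original page). Assumptions:
# - IAM Identity Center is enabled and the external IdP (SAML 2.0 + SCIM)
#   is already configured as the identity source in the console.
# - The IdP has provisioned a group named "cloud-readonly" via SCIM (hypothetical name).
# - 111122223333 is a placeholder member account ID.

data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  target_account_id = "111122223333" # placeholder
}

# Group synced from the external IdP by SCIM: looked up here, never created in AWS,
# so membership (and therefore access) is governed only by the IdP.
data "aws_identitystore_group" "readonly" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "cloud-readonly"
    }
  }
}

# Permission set: the IAM role IAM Identity Center provisions in every assigned account.
# A short session duration limits how long a hijacked SSO session stays useful.
resource "aws_ssoadmin_permission_set" "readonly" {
  name             = "ReadOnly"
  instance_arn     = local.instance_arn
  session_duration = "PT1H"
}

resource "aws_ssoadmin_managed_policy_attachment" "readonly" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# Assignment: group -> permission set -> account. Repeat (or use for_each over a
# map of accounts) to grant the same group the same role across the organization.
resource "aws_ssoadmin_account_assignment" "readonly" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  principal_id       = data.aws_identitystore_group.readonly.group_id
  principal_type     = "GROUP"
  target_id          = local.target_account_id
  target_type        = "AWS_ACCOUNT"
}
```

Contrast this with option B: with direct IAM SAML federation every account needs its own IdP trust (an IAM SAML provider) and its own roles, and removing a user means touching each account, which is exactly the per-account sprawl the question is trying to avoid.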
Reference: AWS IAM Identity Center Overview
Incorrect Options:
B: Direct IAM federation (an IAM SAML identity provider plus roles in each account) can work with an IdP, but it provides no single access portal and no centralized place to manage assignments across accounts.
C: Amazon Verified Permissions is a fine-grained authorization service for your own applications, not a workforce SSO or AWS account access solution.
D: AWS Directory Service is unnecessary and overly complex for this use case, and AWS Control Tower is for account provisioning and guardrails, not user access management.