Your company is migrating infrastructure to AWS. A large number of developers and administrators will need to control this infrastructure using the AWS Management Console. The Identity Management team is objecting to creating an entirely new directory of IAM users for all employees, and the employees are reluctant to commit yet another password to memory. Which of the following will satisfy both these stakeholders?
A. Users sign in using an OpenID Connect (OIDC) compatible IdP, receive an authentication token, then use that token to log in to the AWS Management Console.
B. Users log in directly to the AWS Management Console using the credentials from your on-premises Kerberos compliant Identity provider.
C. Users log in to the AWS Management Console using the AWS Command Line Interface.
D. Users request a SAML assertion from your on-premises SAMLB.0-compliant identity provider (IdP) and use that assertion to obtain federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.