So far (day 1-3), we covered "how to restrict permissions." Today, we examine the modern answer to "how do you grant access to people." Creating individual IAM users for thousands of employees across hundreds of accounts is a nightmare. Long-lived credentials (access keys) have high breach risk, and managing departures is difficult.
The solution is federation. The company's existing ID system (Active Directory, Okta, Azure AD, etc.) becomes the source of trust, and AWS receives that trust to issue temporary credentials. Bundling this in a managed way is IAM Identity Center (formerly AWS SSO). SAML/OIDC flows and ABAC are guaranteed to appear on the Specialty exam.