Which service allows centralized management of workforce identities across AWS accounts?

The correct choice for centralized management of workforce identities across AWS accounts is AWS IAM Identity Center. This service is designed specifically to simplify access management for users who need to sign in to multiple AWS accounts and business applications. It provides a unified interface where administrators can manage user identities, assign permissions, and configure access centrally, helping organizations streamline security and governance.

AWS IAM Identity Center enhances efficiency by enabling the provision of a single user identity across AWS accounts, reducing the complexity associated with managing multiple identities for various services. This makes it particularly suitable for organizations using multiple AWS accounts that need a cohesive management strategy.

While AWS Single Sign-On also relates to identity management across AWS accounts and can be somewhat overlapping with IAM Identity Center, it is important to note that IAM Identity Center is the service that is now the focus in AWS's suite for managing workforce identities centrally, as it integrates more seamlessly with the overall AWS management framework.

AWS Directory Service provides a way to use existing Microsoft Active Directory or create a new directory within AWS, but it is not primarily focused on centralized identity management across multiple AWS accounts. Meanwhile, AWS Cognito is designed primarily for managing user authentication for applications, focusing on mobile and web applications rather than centralized enterprise identity management across AWS accounts.