Which service enables centralized management of user identities in AWS?

The correct choice for enabling centralized management of user identities in AWS is AWS Identity and Access Management (IAM). IAM is a critical service that allows administrators to manage access to AWS resources securely. With IAM, users can create and manage AWS users and groups, and control their access to AWS resources through permissions. It provides the ability to define who can do what in the environment, which is essential for maintaining security and compliance.

IAM also supports features such as multi-factor authentication (MFA), role-based access control, and fine-grained permissions, which are crucial components for efficiently managing user identities across AWS accounts and services. This centralized management capability is fundamental to any identity and access governance strategy within AWS, allowing for a structured approach to identity management at scale.

While other services listed, such as AWS Single Sign-On, AWS GuardDuty, and AWS Organizations, serve important roles in identity and access management and governance, IAM is specifically designed for centralized user identity management. AWS Single Sign-On focuses on providing a single access point for user authentication across multiple accounts, whereas AWS GuardDuty is a security monitoring service, and AWS Organizations is aimed at managing accounts and billing rather than direct user identity management.