Which capability is not provided by AWS IAM when using SAML 2.0?

The capability of direct database access is not provided by AWS Identity and Access Management (IAM) when using SAML 2.0. AWS IAM, in conjunction with SAML 2.0, facilitates federated authentication and authorization, allowing users to assume roles that provide them temporary access to specific AWS resources.

When using SAML 2.0, users can authenticate using an external identity provider and gain access to AWS resources through Single Sign-On (SSO) mechanisms. This type of access helps streamline user experience by allowing users to access multiple applications without logging in individually to each one.

Federated user management through SAML 2.0 allows organizations to manage user identities across various platforms and enable seamless access to AWS services. Role-based access control is also seamlessly integrated, where IAM roles can be assigned based on identity attributes from the SAML assertion, granting users specific permissions in line with their job functions.

Direct database access typically refers to the capability of connecting to and managing databases such as Amazon RDS or DynamoDB, which is not directly facilitated by IAM when involving SAML. Instead, IAM enables access to AWS resources based on the roles assumed by federated users but does not specifically handle the processes of connecting to databases directly via SAML authentication