diff --git a/README.md b/README.md index be58fa8..9c81000 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ - [Security & Compliance](sections/security_compliance.md) - [Machine Learning](sections/machine_learning.md) - [Account Management, Billing & Support](sections/account_management_billing_support.md) +- [Advanced Identity](sections/advanced_identity.md) ## Contributors diff --git a/sections/advanced_identity.md b/sections/advanced_identity.md new file mode 100644 index 0000000..2ae8a3a --- /dev/null +++ b/sections/advanced_identity.md 
@@ -0,0 +1,59 @@ +# Advanced Identity + +- [Advanced Identity](#advanced-identity) + - [AWS STS (SecurityToken Service)](#aws-sts-securitytoken-service) + - [Amazon Cognito (simplified)](#amazon-cognito-simplified) + - [What is Microsoft Active Directory (AD)?](#what-is-microsoft-active-directory-ad) + - [AWS Directory Services](#aws-directory-services) + - [AWS Single Sign-On (SSO)](#aws-single-sign-on-sso) + - [Summary](#summary) + +## AWS STS (SecurityToken Service) + +- Enables you to create **temporary, limited- privileges credentials** to access your AWS resources +- Short-term credentials: you configure expiration period +- Use cases + - Identity federation: manage user identities in external systems, and provide them with STS tokens to access AWS resources + - IAM Roles for cross/same account access + - IAM Roles for Amazon EC2: provide temporary credentials for EC2 instances to access AWS resources + +## Amazon Cognito (simplified) + +- Identity for your Web and Mobile applications users (potentially millions) +- Instead of creating them an IAM user, you create a user in Cognito + +## What is Microsoft Active Directory (AD)? + +- Found on any Windows Server with AD Domain Services +- Database of objects: User Accounts, Computers, Printers, File Shares, Security Groups +- Centralized security management, create account, assign permissions + +### AWS Directory Services + +- **AWS Managed Microsoft AD** + - Create your own AD in AWS, manage users locally, supports MFA + - Establish “trust” connections with your on- premise AD +- **AD Connector** + - Directory Gateway (proxy) to redirect to on- premise AD, supports MFA + - Users are managed on the on-premise AD +- **Simple AD** + - AD-compatible managed directory on AWS + - Cannot be joined with on-premise AD + +## AWS Single Sign-On (SSO) + +- Centrally manage Single SignOn to access multiple accounts and 3rd-party business applications. 
+- Integrated with AWS Organizations +- Supports SAML 2.0 markup +- Integration with on-premise Active Directory + +## Summary + +- **IAM** + - Identity and Access Management inside your AWS account + - For users that you trust and belong to your company +- **Organizations**: manage multiple AWS accounts +- **Security Token Service (STS)**: temporary, limited-privileges credentials to access AWS resources +- **Cognito**: create a database of users for your mobile & web applications +- **Directory Services**: integrate Microsoft Active Directory in AWS +- **Single Sign-On (SSO)**: one login for multiple AWS accounts & applications \ No newline at end of file
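Review bot: several bullets in the new sections/advanced_identity.md have a stray space inside a hyphenated term that will render verbatim: `- Enables you to create **temporary, limited- privileges credentials** to access your AWS resources`, `- Establish “trust” connections with your on- premise AD` and `- Directory Gateway (proxy) to redirect to on- premise AD, supports MFA`; suggest "limited-privileges credentials" and "on-premise AD", which is how the Summary bullet and the AD Connector bullet in the same file already spell them. The same kind of slip appears in the H2 "AWS STS (SecurityToken Service)" and in "Centrally manage Single SignOn"; the Summary spells these "Security Token Service (STS)" and "Single Sign-On (SSO)", so the headings should match, and if the STS heading is changed the TOC anchor `#aws-sts-securitytoken-service` has to be updated in step (following the existing anchor pattern it would become `#aws-sts-security-token-service`). Structurally, "AWS Directory Services" is added as an H3 under "What is Microsoft Active Directory (AD)?" while the TOC lists it at the same indentation as the H2 sections; either promote it to `##` or nest the TOC entry under the AD entry. Minor: "Supports SAML 2.0 markup" should read "Supports SAML 2.0" (SAML already stands for a markup language), "Instead of creating them an IAM user" reads better as "Instead of creating an IAM user for them", the SSO bullet ends with a trailing space, and the file is missing a terminating newline (`\ No newline at end of file`).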