Umbrella Corporation wants employees to use their on-premises Active Directory credentials to access their AWS accounts within AWS Organizations, leveraging existing VPN connectivity and requiring conditional access based on user groups and centrally managed identities. Which solution will meet these requirements?