A company is using AWS Organizations with a multi-account architecture. The company's current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies. A solutions architect needs to allow an IAM user in Account A to assume a role in Account B. Which combination of steps must the solutions architect take to meet this requirement? (Choose three.) A. Configure the SCP for Account A to allow the action. B. Configure the resource-based policies to allow the action. C. Configure the identity-based policy on the user in Account A to allow the action. D. Configure the identity-based policy on the user in Account B to allow the action. E. Configure the trust policy on the target role in Account B to allow the action. F. Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.