An organization is migrating numerous on-premises and cloud-based applications to a new identity and access management (IAM) framework. A primary goal is to improve the user experience by eliminating the need for users to repeatedly enter credentials for each service. Additionally, the security team wants to centralize authentication control and reduce the attack surface created by credential sprawl. Which of the following solutions BEST meets these requirements?
Single sign-on (SSO) is the best solution because it is specifically designed to centralize authentication through a single identity provider. This allows users to log in once and access multiple applications without re-authenticating, which directly addresses the goal of improving user experience and reducing password fatigue. It also centralizes authentication control, meeting the security team's requirement to reduce credential sprawl. While multi-factor authentication (MFA) enhances security and is often used with SSO, it does not by itself solve the problem of multiple logins. Privileged Access Management (PAM) is focused on securing administrative or privileged accounts, not general user access for multiple applications. Federation is the underlying trust relationship that can enable SSO between different organizations, but SSO is the service that delivers the described functionality to the end-user.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an identity provider (IdP)?
Open an interactive chat with Bash
How does single sign-on (SSO) enhance security?
Open an interactive chat with Bash
What risks are associated with centralized authentication?