A company is implementing a federated identity solution to provide employees with single sign-on (SSO) access to multiple cloud applications. Which statement accurately describes how user credentials are managed in this model?
User credentials are managed by a central identity provider, and service providers trust its authentication assertions.
Each service provider synchronizes a copy of the user's password from the central identity provider.
The user's device locally stores encrypted credentials and provides them to each service provider upon request.
Users must create and store a separate password within each connected service provider environment.
The correct answer is that credentials are managed by a central identity provider (IdP). In a federated identity model, service providers (SPs) trust the IdP to authenticate users. The user provides their credentials only once to the IdP, which then passes a security assertion (e.g., a SAML token) to the SP. This architecture avoids the need to store and manage user passwords in each individual application, which is the primary security and management benefit of federation. The other options are incorrect because they misrepresent how federation works: SPs do not receive synchronized copies of the password, the user's device does not hand stored credentials to each SP, and users do not keep a separate password in each SP environment.