A merged entity is facing a challenge integrating its central authentication service, based on a well-established directory protocol, with a newly acquired company's applications that authorize users through a popular web-based authorization standard. To achieve a cohesive authentication process across both existing and newly included systems, what is the appropriate solution to adopt?
Enforce strict two-factor authentication for users of both systems to enhance overall security posture.
Establish an encrypted channel between the two systems to securely map user accounts from one to the other.
Amend password management policies to standardize user credentials across all systems and applications.
Employ a federation service to bridge the two distinct user authentication systems for seamless operation.
Implementing a federation service is the correct solution because it enables different authentication systems to interoperate by allowing them to trust and validate each other's users. It serves as a middle layer that manages and brokers identity information between organizations, thus simplifying cross-domain user access. Additionally, a federation service allows users to authenticate once and gain access to multiple applications, even if the underlying authentication protocols differ. Updating password management procedures or initiating enhanced user credential verification does not provide a method for protocol interoperability. Introducing additional network-layer security, such as an encrypted channel, does not address the core issue of authenticating users across different authentication protocols.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a federation service and how does it work?
Open an interactive chat with Bash
What are the differences between SAML and OAuth in the context of federated authentication?
Open an interactive chat with Bash
Why is simply updating password management policies not sufficient for integrating authentication systems?