2V0-622D · Question #70
An administrator is configuring an identity source for Single Sign-On. The administrator will use the machine that Single Sign-On is running on, but does not want all users on the machine to be visibi
The correct answer is A. Active Directory (Integrated Windows Authentication). Active Directory with Integrated Windows Authentication uses the SSO machine's domain Kerberos identity to authenticate users without exposing the machine's local OS accounts to SSO.
Question
An administrator is configuring an identity source for Single Sign-On. The administrator will use the machine that Single Sign-On is running on, but does not want all users on the machine to be visibile to SSO. Which Identity Source meets this requirement?
Options
- AActive Directory (Integrated Windows Authentication)
- BActive Directory as an LDAP Service
- COpenLDAP
- DLocalOS
How the community answered
(52 responses)- A83% (43)
- B10% (5)
- C2% (1)
- D6% (3)
Why each option
Active Directory with Integrated Windows Authentication uses the SSO machine's domain Kerberos identity to authenticate users without exposing the machine's local OS accounts to SSO.
Active Directory (Integrated Windows Authentication) leverages the Kerberos ticket-based domain membership of the machine running SSO to authenticate AD domain users. Because it operates at the domain level rather than the local OS level, only AD domain accounts are visible to SSO - local machine accounts are not included. This satisfies the requirement to use the SSO machine as the identity source while hiding non-domain local users.
Active Directory as an LDAP Service requires a separately specified LDAP server hostname and credentials and does not use the SSO machine's own domain membership as its identity source.
OpenLDAP requires an external OpenLDAP directory server to be configured - it is not tied to the SSO machine's local or domain identity and introduces a separate directory dependency.
LocalOS exposes all user accounts from the local operating system of the machine running SSO, which directly violates the requirement of not making all users on that machine visible to SSO.
Concept tested: vCenter SSO identity source selection for local machine domain users
Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-A8A97E30-F1E1-4702-AA93-DFE4AE58FDE8.html
Topics
Community Discussion
No community discussion yet for this question.