CISSP · Question #1380
Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols
The correct answer is A. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards,. This question tests understanding of federated identity under the Extended Identity principle, where one organization acts as the identity provider (IdP) to authenticate users for partner service providers using common IAM protocols.
Question
Options
- AClothing retailer acts as identity provider (IdP), confirms identity of user using industry standards,
- BClothing retailer acts as User Self Service, confirms identity of user using industry standards, then
- CClothing retailer acts as Service Provider, confirms identity of user using industry standards, then
- DClothing retailer acts as Access Control Provider, confirms access of user using industry
How the community answered
(27 responses)- A78% (21)
- B4% (1)
- C11% (3)
- D7% (2)
Why each option
This question tests understanding of federated identity under the Extended Identity principle, where one organization acts as the identity provider (IdP) to authenticate users for partner service providers using common IAM protocols.
In a federated identity model, the home organization (clothing retailer) acts as the Identity Provider (IdP), meaning it is responsible for authenticating the user and asserting that identity to partner businesses (Service Providers) using industry-standard protocols such as SAML, OAuth, or OIDC. This is the correct Extended Identity process flow: the IdP vouches for the user's identity, and partner SPs trust that assertion to grant access without requiring separate credentials. This enables seamless cross-organizational access while maintaining centralized identity management at the retailer.
User Self Service is a provisioning or password management function, not a federated authentication role; it does not describe how cross-organizational identity assertions are made between partners.
The clothing retailer is the organization that owns and authenticates the user accounts, making it the Identity Provider, not the Service Provider; Service Providers are the partner businesses consuming the identity assertion.
Access Control Provider is not a recognized role in standard federated IAM frameworks such as SAML or OIDC; access control decisions are made by the Service Provider after receiving an identity assertion from the IdP.
Concept tested: Federated identity provider role in extended identity
Source: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-saml-assertions
Topics
Community Discussion
No community discussion yet for this question.