nerdexam
(ISC)2

CISSP · Question #1380

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols

The correct answer is A. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards,. This question tests understanding of federated identity under the Extended Identity principle, where one organization acts as the identity provider (IdP) to authenticate users for partner service providers using common IAM protocols.

Submitted by luis.pe· Mar 5, 2026Identity and Access Management

Question

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this TAM action?

Options

  • AClothing retailer acts as identity provider (IdP), confirms identity of user using industry standards,
  • BClothing retailer acts as User Self Service, confirms identity of user using industry standards, then
  • CClothing retailer acts as Service Provider, confirms identity of user using industry standards, then
  • DClothing retailer acts as Access Control Provider, confirms access of user using industry

How the community answered

(27 responses)
  • A
    78% (21)
  • B
    4% (1)
  • C
    11% (3)
  • D
    7% (2)

Why each option

This question tests understanding of federated identity under the Extended Identity principle, where one organization acts as the identity provider (IdP) to authenticate users for partner service providers using common IAM protocols.

AClothing retailer acts as identity provider (IdP), confirms identity of user using industry standards,Correct

In a federated identity model, the home organization (clothing retailer) acts as the Identity Provider (IdP), meaning it is responsible for authenticating the user and asserting that identity to partner businesses (Service Providers) using industry-standard protocols such as SAML, OAuth, or OIDC. This is the correct Extended Identity process flow: the IdP vouches for the user's identity, and partner SPs trust that assertion to grant access without requiring separate credentials. This enables seamless cross-organizational access while maintaining centralized identity management at the retailer.

BClothing retailer acts as User Self Service, confirms identity of user using industry standards, then

User Self Service is a provisioning or password management function, not a federated authentication role; it does not describe how cross-organizational identity assertions are made between partners.

CClothing retailer acts as Service Provider, confirms identity of user using industry standards, then

The clothing retailer is the organization that owns and authenticates the user accounts, making it the Identity Provider, not the Service Provider; Service Providers are the partner businesses consuming the identity assertion.

DClothing retailer acts as Access Control Provider, confirms access of user using industry

Access Control Provider is not a recognized role in standard federated IAM frameworks such as SAML or OIDC; access control decisions are made by the Service Provider after receiving an identity assertion from the IdP.

Concept tested: Federated identity provider role in extended identity

Source: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-saml-assertions

Topics

#Federated identity#Identity provider#IAM protocols#SSO

Community Discussion

No community discussion yet for this question.

Full CISSP Practice