nerdexam
(ISC)2

CISSP · Question #472

Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another

The correct answer is C. defining the identity mapping scheme. In federated SSO, the primary concern when connecting two organizations is establishing how identities from one domain map to valid identities or roles in the partner domain.

Submitted by takeshi77· Mar 5, 2026Identity and Access Management

Question

Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another

Options

  • ASending assertions to an identity provider
  • BRequesting Identity assertions from the partners domain
  • Cdefining the identity mapping scheme
  • DHaving the resource provider query the Identity provider

How the community answered

(29 responses)
  • A
    3% (1)
  • B
    10% (3)
  • C
    83% (24)
  • D
    3% (1)

Why each option

In federated SSO, the primary concern when connecting two organizations is establishing how identities from one domain map to valid identities or roles in the partner domain.

ASending assertions to an identity provider

Sending assertions to an identity provider describes a technical protocol step in SAML federation, not the primary organizational concern when establishing the trust relationship.

BRequesting Identity assertions from the partners domain

Requesting identity assertions from a partner's domain is a standard operational function of federated SSO that is handled by the protocol itself, not the primary setup concern.

Cdefining the identity mapping schemeCorrect

Defining the identity mapping scheme is the primary concern because each organization maintains its own identity store with different attribute names, formats, and user identifiers. Without an agreed-upon mapping between the two domains' identity attributes (e.g., how a user in Organization A's directory corresponds to an authorized user in Organization B's system), the federation cannot function securely or accurately. Mismatched or poorly defined mappings can lead to access control failures, unauthorized access, or denial of legitimate users.

DHaving the resource provider query the Identity provider

Having the resource provider query the identity provider describes a technical architecture pattern in federated identity, but the mechanics of this communication are defined by the protocol standard and are not the primary concern when establishing federation.

Concept tested: Identity mapping in federated SSO trust relationships

Source: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

Topics

#federated identity#single sign-on#identity mapping#IAM challenges

Community Discussion

No community discussion yet for this question.

Full CISSP Practice