CISSP · Question #472
Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another
The correct answer is C. defining the identity mapping scheme. In federated SSO, the primary concern when connecting two organizations is establishing how identities from one domain map to valid identities or roles in the partner domain.
Question
Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another
Options
- ASending assertions to an identity provider
- BRequesting Identity assertions from the partners domain
- Cdefining the identity mapping scheme
- DHaving the resource provider query the Identity provider
How the community answered
(29 responses)- A3% (1)
- B10% (3)
- C83% (24)
- D3% (1)
Why each option
In federated SSO, the primary concern when connecting two organizations is establishing how identities from one domain map to valid identities or roles in the partner domain.
Sending assertions to an identity provider describes a technical protocol step in SAML federation, not the primary organizational concern when establishing the trust relationship.
Requesting identity assertions from a partner's domain is a standard operational function of federated SSO that is handled by the protocol itself, not the primary setup concern.
Defining the identity mapping scheme is the primary concern because each organization maintains its own identity store with different attribute names, formats, and user identifiers. Without an agreed-upon mapping between the two domains' identity attributes (e.g., how a user in Organization A's directory corresponds to an authorized user in Organization B's system), the federation cannot function securely or accurately. Mismatched or poorly defined mappings can lead to access control failures, unauthorized access, or denial of legitimate users.
Having the resource provider query the identity provider describes a technical architecture pattern in federated identity, but the mechanics of this communication are defined by the protocol standard and are not the primary concern when establishing federation.
Concept tested: Identity mapping in federated SSO trust relationships
Source: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
Topics
Community Discussion
No community discussion yet for this question.