CISSP Question #614: Real Exam Question with Answer & Explanation

The correct answer is C: Authentication.

Submitted by kim_seoul · Mar 5, 2026 · Identity and Access Management

Question

For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?

Options

  • A. Access Control
  • B. Account Management
  • C. Authentication
  • D. Authorization

Explanation

In a federated identity solution, the third-party Identity Provider (IdP) is primarily responsible for authenticating the user and issuing identity assertions (such as SAML tokens or OIDC tokens) to the relying party. The relying party then uses those assertions to make its own access and authorization decisions.

Common mistakes.

  • A. Access Control is a policy enforcement function performed by the relying party or SP, not the IdP; the IdP only provides identity claims, not resource-level access decisions.
  • B. Account Management (provisioning, deprovisioning, password resets) is an administrative function typically handled by the organization's directory service or HR system, not the federated IdP's primary role.
  • D. Authorization - determining what an authenticated user is permitted to do - is the responsibility of the Service Provider or resource server, which consumes the IdP's identity assertion to make its own access decisions.

Concept tested. Role of Identity Provider in federated identity

Reference. https://learn.microsoft.com/en-us/azure/active-directory/develop/federation-metadata

Topics

#federated identity, #identity provider, #authentication, #SSO
