GH-100 Question #35: Real Exam Question with Answer & Explanation

Question

A GitHub Enterprise administrator is planning to implement SAML SSO across their company. Which of the following correctly distinguishes enterprise-wide SAML SSO from organization-level SAML SSO?

Options

• AEnterprise-wide SAML SSO requires less initial administrative overhead than organization-level
• BEnterprise-wide SAML SSO allows different organizations to use different authentication methods.
• CEnterprise-wide SAML SSO immediately removes users who fail to authenticate via the IdP.
• DEnterprise-wide SAML SSO ensures users authenticate through the same IdP across all

Explanation

D is correct because enterprise-wide SAML SSO enforces a single Identity Provider (IdP) across every organization within the enterprise, creating a unified authentication experience - users authenticate once through one IdP regardless of which org they access.

Why the distractors are wrong:

• A is incorrect - enterprise-wide SAML SSO actually requires more upfront administrative effort since it must be configured and coordinated across all organizations simultaneously.
• B is the opposite of enterprise-wide behavior; allowing different orgs to use different authentication methods describes organization-level SSO, not enterprise-wide.
• C is a fabricated behavior - SAML SSO does not immediately remove users who fail to authenticate; failed authentication simply denies access, and user removal is a separate, manual (or provisioned) process.

Memory tip: Think of "enterprise-wide" as a single umbrella over all orgs - one IdP, one policy, one authentication path. If you see answer choices describing flexibility or per-org differences, those point to org-level SSO, not enterprise-wide.

No community discussion yet for this question.