CompTIA Security+ (SY0-501) — Question 584

A company offers SaaS, maintaining all customers' credentials and authenticating locally. Many large customers have requested the company offer some form of federation with their existing authentication infrastructures.
Which of the following would allow customers to manage authentication and authorizations from within their existing organizations?

Answer options

• A. Implement SAML so the company's services may accept assertions from the customers' authentication servers.
• B. Provide customers with a constrained interface to manage only their users' accounts in the company's active directory server.
• C. Provide a system for customers to replicate their users' passwords from their authentication service to the company's.
• D. Use SOAP calls to support authentication between the company's product and the customers' authentication servers.

Correct answer: A

Explanation

Implementing SAML allows the company to accept assertions from the customers' authentication servers, facilitating federation and enabling clients to manage their own authentication. The other options do not offer true federation; B limits management to the company's directory, C involves password replication which can be insecure, and D does not provide a standard method for federation like SAML does.