Google Workspace Professional Administrator — Question 70

Your organization implemented Single Sign-On (SSO) for the multiple cloud-based services it uses. During authentication, one service indicates that access to the SSO provider is not possible due to invalid information. What should you do?

Answer options

• A. Update the validation certificate.
• B. Verify that the Audience element in the SAML Response matches the assertion consumer service (ACS) URL.
• C. Run nslookup to confirm that the service exists.
• D. Ensure that Microsoft's Active Directory Federation Services 2.0 sends encrypted SAML Responses in default configurations.

Correct answer: B

Explanation

The correct answer is B because the Audience element in the SAML Response must match the ACS URL for the authentication to succeed. If they do not match, the service cannot validate the response, leading to access issues. Options A, C, and D are not directly related to resolving the specific mismatch causing the authentication failure.