Exam CISSP topic 1 question 261 discussion

With the phrase 'hosted by a third-party service provider' send me towards D

I would say SSO, since the user is already authenticated in this question. Trust has been established beforehand (as done with federation).

Single Sign-On (SSO) offers both a seamless user experience and the convenience of using a single set of credentials across multiple sites or domains. Here's how it works: Seamless Access: Once a user logs in to an SSO-enabled system, they can access various associated applications or services without needing to log in again. This means no repeated requests for authentication, making the user experience smooth and uninterrupted. Single Credential Set: Users only need to remember and manage one username and password for accessing multiple services, simplifying the login process and reducing password fatigue. Together, these features make SSO a powerful tool for enhancing both security and user convenience.

Single sign-on (SSO) allows users to authenticate once and gain access to multiple applications or services without needing to log in again. This provides a seamless user experience, which is crucial for employee satisfaction when accessing third-party travel services.

I think they're going for Federated Access. The reason is it says seamless if already authenticated. Single Sign-On just means you can use the same information for different sites/domains, it doesn't make things "seamless".

Here is what I found: Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, specifically between an identity provider and a service provider. Its main purpose is to enable Single Sign-On (SSO), where users can log in once and gain access to a variety of different systems without being re-prompted to enter credentials. SAML allows a user's identity and access rights to be verified in one domain (such as the user's home organization) and be able to use services in another domain (such as a cloud application) without needing to authenticate again. In short, SAML simplifies and standardizes the identity verification process across different systems and platforms, significantly improving user convenience and enhancing the security of handling user identities.

A. Single sign-on (SSO) access is the best choice here.........................D.Federated Access is not a good answer. The method of Federated access is not the most suitable for providing seamless access to the travel portal for authenticated users. Federated access, while commonly used for single sign-on (SSO), can be more complex to set up and troubleshoot, often involving identity providers (IdP) and service providers (SP) to establish and maintain the federation trust relationship. This complexity can lead to configuration issues, endpoint problems, and other challenges that may not provide the seamless experience desired for employee access to the travel services. Therefore, in the context of the question, single sign-on (SSO) access is a more appropriate and straightforward method to ensure seamless access for authenticated users.

SAML uses XML-based messages to exchange information between the identity provider and the service provider, such as the user's identity, attributes, and entitlements. SAML access can provide a seamless user experience and a high level of security for the travel portal. A, D is too general term, C only share authorization

Answer: B D. Federated access is a broader concept referring to the agreement and arrangement between multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group. A. Single sign-on (SSO) is also a broader concept, referring to the ability for users to log in once and access multiple applications or services without logging in again. B. Security Assertion Markup Language (SAML) is a specific protocol, a ‘method’ used to achieve both federated access and SSO. So, while both A (SSO) and D (Federated access) describe overarching concepts or methodologies, B (SAML) is a specific technical protocol, and a ‘method’ used to implement those concepts.

OK so I wouldn't put a third party app on the SSO even if it was for convenience. Federated access is possible since employees have the convenience on hoping on that link without verifying their identify.

Single sign-on (SSO) is typically used to provide seamless access to multiple applications within a single organization. However, SSO can also be used to provide seamless access to third-party services hosted by other organizations. In the case of the company needing to provide employee access to a travel portal hosted by a third-party service provider, SSO can be used to provide seamless access to that service. This can be achieved by integrating the third-party service with the organization's identity and access management (IAM) system, which would allow users to access the travel portal using their existing credentials. The integration of the third-party service with the organization's IAM system can be achieved using various protocols, such as Security Assertion Markup Language (SAML) or Open Authorization (OAuth), which are commonly used for SSO. Therefore, while SSO is typically used within a single organization, it can also be used to provide seamless access to third-party services hosted by other organizations, such as the travel portal in this case.

If it were only federated that wouldn't provide the required employee experience, but SSO does. It may also be federated to have SSO work, but SSO is what is causing the experience. Federation without SSO would have the user logging into each portion again even if it were the same federated ID.

D includes A,B,C

Federated access or Federated identity is a form of single sign-on that allows users to use a single credential to authentice across multiple organization's systems and websites.

which are hosted by a "third-party service provider", those are the keywords.

Federated. it's a form of sso

No such thing as SSO access or SAML access (wrong terminology)