Exam AZ-305 topic 1 question 28 discussion

Password based. https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/plan-sso-deployment#single-sign-on-options

C is the answer. https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/plan-sso-deployment#single-sign-on-options Password-based - Choose password-based when the application has an HTML sign-in page. Password-based SSO is also known as password vaulting. Password-based SSO enables you to manage user access and passwords to web applications that don't support identity federation. It's also useful where several users need to share a single account, such as to your organization's social media app accounts. Password-based SSO supports applications that require multiple sign-in fields for applications that require more than just username and password fields to sign in. You can customize the labels of the username and password fields your users see on My Apps when they enter their credentials.

Password-based SSO allows you to manage credentials for applications that do not support identity providers. It works by securely storing the username and password in Azure AD and automatically signing in users when they access the application. So, the correct answer is C. password-based.

C is correct

AI Answer: Given your scenario, the best SSO method to use would be D. OpenID Connect1 . Here's why the other options are not suitable: A. Header-based: This method is typically used for API authentication rather than user authentication for applications2 3 . B. SAML (Security Assertion Markup Language): While SAML is a valid SSO method, it is more commonly used for enterprise applications and requires more complex setup and management3 . C. Password-based: This is not an SSO method but rather the traditional way of logging in with a username and password, which you're already using and want to move away from. OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol and is well-suited for applications that need to authenticate users via an identity provider like Azure AD2 3 . It allows users to log in with their existing credentials and provides a seamless SSO experience.

Such an confusing question Microsoft! It says that the app doesn't support identity providers, than it taks about upgrading it. But as part of the upgrade, we could make the app support identity providers! In that case, maybe OpenID Connect could also be a valid answer!

Password-Based SSO: This method is ideal for applications that do not support identity providers or modern authentication protocols. It enables Azure AD to securely store and manage the application's credentials. Users authenticate with Azure AD, and then Azure AD provides the stored credentials to the application.

Passed the exam on 10-Jan-24. This question appeared on the exam

Confusing, the article stated with application registration, it will set to use OpenID Connect and OAuth by default. Only Application Proxy is used with password-based!!

Thanks to all who have mentioned the exam dates

C. password-based

Badly worded question and answers. I'd lean towards password based authentication as being the "most correct" answer. However, in the real world, probably use linked mode or similar.

Exam Question 12/28/2022

Answer is C

How do we say the application is hosted in on-prem? If so, answer is correct.