You manage an Azure Active Directory (AD) tenant. You plan to allow users to log in to a third-party application by using their Azure AD credentials. To access the application, users will be prompted for their existing third-party user names and passwords. You need to add the application to Azure AD. Which type of application should you add?
A. Existing Single Sign-On with identity provisioning
B. Password Single Sign-On with identity provisioning
C. Existing Single Sign-On without identity provisioning
D. Password Single Sign-On without identity provisioning
Explanation:
http://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
D
http://msdn.microsoft.com/en-us/library/azure/dn308586.aspx
0
0
Is the above answer correct?
0
0
not “A”
* Azure AD supports two different modes for single sign-on:
/ Federation using standard protocols
Configuring Federation-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from Azure AD.
/ Password-based single sign-on
* Support for user provisioning
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application.
Reference: Application access enhancements for Azure AD URL: http://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
0
0
I think it’s “A”
0
0
it’s A
0
0
Think is D
Single sign on:
For example, if there is an application that is configured to authenticate users using Active Directory Federation Services 2.0, an administrator can use the “Existing Single Sign-On”
Not, because of “By using their Azure AD credentials”.
So is password Single Sign on.
Identity:
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information.
They will use third-party user-names, so, no provisioning.
0
0
it’s correct A
0
0
No, the correct answer is D.
First you need to choose between an existing SSO solution or a password-based SSO. As it is a requirement to store the credentials in Azure AD, it has to be a password-based SSO. There is no need for identity provisioning, thus the correct answer is D.
http://msdn.microsoft.com/en-us/library/azure/dn308586.aspx
0
0
+1 for D
0
0
A – Existing SSO with IDP is correct answer.
Example Facebook ID can be used to login to App published in Azure AD.
https://msdn.microsoft.com/library/azure/dn308588.aspx#bkmk_supportsso
0
0
https://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application.
From the scenario – Users will be prompted for the EXISTING 3rd party credentials. No need to provision them then.
Configuring password-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from the third-party SaaS application. When you enable this feature, Azure AD collects and securely stores the user account information and the related password.
Correct is D
0
0
It is asked to use the third-party application account, so SSO Password is needed
The user should be asked for its credentials, so “without identity provisioning”
https://msdn.microsoft.com/library/azure/dn308588.aspx#bkmk_supportsso
0
0
+1
Answer D
Configuring password-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from the third-party SaaS application
https://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
0
0
+1 for D
0
0
The question is too badly worded and could be interpreted differently depending on how many sugars you put in your coffee. The guy defo needs a good ol shooting
0
0
Existing Single Sign-On with identity provisioning
0
0
No one is right yet. Answer is B- Password SSO with identity provisioning.
https://azure.microsoft.com/en-us/documentation/articles/active-directory-appssoaccess-whatis/
“Configuring password-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from the third-party SaaS application.”
Since users are prompted with their existing user names and passwords (for the first time only… this should’ve been mentioned), users manage their credentials themselves.
Link uses the words “User manages credentials” instead of “identity provisioning”
Identity provisioning can be from the admin or by the user. Both are explained in the link.
The difference between Password SSO and Existing SSO is that PSSO would have an app with its own identity store. ESSO- if using a link to another store where auth happens such as Google ID that a 3rd party app uses for auth. ESSO is also explained in the link… though not the clearest of explanations, we’d have to get this right.
I know this is confusing as hell, but you need a mental model of the diffs to recall them in the exam.
Anyway, answer is B.
0
0
Believe it is (D) ‘Without Identity Provisioning’.
First off, it falls right into definition of Password Single Sign-On, either (B) or (D).
The trick is “with” or “without” identity provisioning?
Question says, user will be PROMPTED FOR CREDENTIALS. If so, it has to be “without,” as this configuration asks users for credentials.
If users were NOT prompted for credentials, then it would be “with” as user is “automatically” logged in.
Check out this link ==> http://weshackett.com/tag/azure-active-directory/
• Password based SSO without identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’. It is important to realise that all users authenticated to the Azure AD will see these applications. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. This is then securely stored in Azure AD and linked to their organisation account. The next time the user clicks that app they will be automatically signed in with the credentials they provided. Updating credentials in the third party app needs the user to update their Azure AD stored credentials from the context menu on the app tile.
• Password based SSO with identity provisioning – These are applications the Azure admin has added with the single sign-on mode set to ‘Password based Single Sign-on’ as well as identity provisioning. The first time a user clicks one of these apps they will be asked to install a lightweight browser plugin for IE or Chrome. Once they restart the browser the next time they will be automatically signed in to the application.
0
0
+1. Definitely D. I’ve set this up to access an online training portal and to remember the users’ passwords when they log into that site.
0
0
So the “Without” means users will be prompted even on 2nd time login according to weshackett.com? (whoever THAT is)… but will not be prompted from the 3rd time?
Without: Once they restart the browser the next time they navigate to that app they will be asked to enter the username and password combination for that app. The next time the user clicks that app they will be automatically signed in with the credentials they provided.
With: Once they restart the browser the next time they will be automatically signed in to the application.
This is still unclear to me. Microsoft hasn’t explained “identity provisioning” anywhere. Is it the same as “User Provisioning” explained here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-appssoaccess-whatis/
If not, then what is the difference between the two explained in http://weshackett.com/tag/azure-active-directory/ ‘cos I don’t see a difference. Both options state “Once they restart the browser the next time they will be automatically signed in to the application.”
0
0
Without says, restart will still prompt for the credentials and the 3rd time (as I read it) will automatically sign them in.
With says, restart will automatically sign them in.
So essentially, the “Without” option does ONE additional prompt in the 2nd login, huh?!!!
0
0
Hi Prady,
researched this from other forums and found this explanation which made it clearer for me, hope it helps :
I believe it’s D.
Identity provisioning is not needed because the question mentions “their existing third-party user names and passwords” — in other words, accounts do not need to be created. Furthermore, the question doesn’t suggest that some kind of third-party account–AD account synchronisation is needed. That makes it C or D.
Next, the question says that users will “log in to [the] application by using their Azure AD credentials”. Here I assume that “log in” is talking about every time you use the application, like logging in to Windows. So AAD authentication is needed when they want to use the app.
But the question also says “to access the application, users will be prompted for their existing third-party user names and passwords”.
For the nuance of the word “access”, see this text (taken from https://azure.microsoft.com/en-us/documentation/articles/active-directory-appssoaccess-whatis/):
“Administrators can assign applications to end users or groups, and allow the end users to enter their own credentials directly upon accessing the application for the first time in their access panel.”
So when users want to use the application for the first time, they have to tell AAD what their application username and password are. From then on, users will log in by using their AAD credentials.
So that makes the answer D, because you’ll enter your username and password once, and AAD will store it for you. After that, you can log in by using your AAD credentials.
0
0
D is correct : Password Single Sign-On without identity provisioning
0
0