An organization is integrating a partner-based application that is set up to receive tokens from an internal identity platform. The application is configured as a service provider and must accept tokens without storing user passwords in multiple places. Which approach meets this requirement?
Use a different identity solution for each integrated platform, reissuing separate credentials for users at each site
Configure the external platform to rely on the signed tokens from the internal identity solution instead of user passwords
Place user passwords from the internal environment in the external platform's datastore to allow direct authentication
Configure the external platform to request user credentials directly from the internal identity environment for every login
Using signed tokens from the internal identity platform builds trust between the two environments. The external application confirms the authenticity of the token instead of gathering or storing user passwords. Approaches involving direct access to passwords or separate identity solutions expand the attack surface, and distributing user credentials across many environments makes them harder to manage and protect.