An organization wants to streamline authentication across a collection of external services by centralizing user verification. The plan is to avoid separate account setups in each external service while still enabling access decisions based on a single user identity. Which approach best accomplishes this goal?
Adopt a structure where a central identity provider issues short-lived credentials and the services accept these credentials instead of local accounts
Provide a shared set of credentials for the services, restricting with role-based policies in the environment’s directory
Establish a nightly synchronization that duplicates user profiles, so each service manages local access
Redirect user authentication requests to an external location for a hardware-based exchange, requiring manual reconfiguration at each service
Centralizing identity through short-lived credentials issued by a trusted provider ensures seamless access across services without requiring local account duplication. This reduces administrative overhead, enhances security through token expiration, and improves accountability. In contrast, shared credentials and manual syncs introduce security and scalability challenges.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an identity provider (IdP)?
Open an interactive chat with Bash
What are the benefits of using short-lived credentials?
Open an interactive chat with Bash
How does token-based authentication improve security?