Single sign-on enables users to gain access to multiple information system resources through federated identity. All of the following support single sign-on (SSO) except which one?
A. Credential Management Systems
C. Scripted access or logon scripts
D. Identity Federation
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Credential Management Systems.
Single sign-on enables users to log in once and gain access to multiple information system resources. (NIST SP 800-53 R4)
Credential Management Systems
A credential management system provides a storage space for users to keep their credentials when SSO isn’t available. Users can store credentials for websites and network resources that require a different set of credentials. The management system secures the credentials with encryption to prevent unauthorized access.
As an example, Windows systems include the Credential Manager tool. Users enter their credentials into the Credential Manager and when necessary, the operating system retrieves the user’s credentials and automatically submits them. When using this for a website, users enter the URL, username, and password. Later, when the user accesses the website, the Credential Manager automatically recognizes the URL and provides the credentials.
Stewart, James M.; Chapple, Mike; Gibson, Darril. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (Kindle Locations 15796-15802). Wiley. Kindle Edition.
SSO may involve multiple logins across systems
SSO enables “users” to log in once, but a logon script may still perform multiple logins across systems on their behalf.
The following is an example of a logon script:
NET USE S: \\server1\share1 mypassword1 /user:email@example.com
NET USE T: \\server2\share2 mypassword2 /user:firstname.lastname@example.org
When Jack logs in to the system, the logon script logs him in to server1 and server2 in turn. From Jack's perspective, he logged in once, but technically three logins took place.
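As an added example (not part of the original post), the Python audit below parses the `NET USE` lines of a logon script, counts the logons the script performs with its own credentials, and flags passwords stored in the script in clear text. The function names and the sample script are constructed for illustration, and the parser assumes whitespace-separated arguments with no quoted passwords.

```python
import re

# Constructed sample: the page's two lines plus two variants for contrast.
SAMPLE_SCRIPT = r"""@echo off
NET USE S: \\server1\share1 mypassword1 /user:email@example.com
NET USE T: \\server2\share2 mypassword2 /user:firstname.lastname@example.org
net use U: \\server3\share3 * /user:jack
net use V: \\server1\public
"""

UNC = re.compile(r"^\\\\([^\\]+)\\")  # captures the server in \\server\share


def parse_net_use(line):
    """Return details of a `net use` drive mapping, or None for other lines."""
    tokens = line.split()
    if len(tokens) < 3 or [t.lower() for t in tokens[:2]] != ["net", "use"]:
        return None
    args = tokens[2:]
    positional = [t for t in args if not t.startswith("/")]
    user = next((t[6:] for t in args if t.lower().startswith("/user:")), None)
    for i, tok in enumerate(positional):
        match = UNC.match(tok)
        if match:
            # The argument after the UNC path is the password; "*" means prompt.
            password = positional[i + 1] if i + 1 < len(positional) else None
            return {"server": match.group(1).lower(), "user": user,
                    "embedded_password": password not in (None, "*")}
    return None


def audit_logon_script(text):
    """Summarise the logons a script performs and the secrets it stores."""
    mappings = [m for m in map(parse_net_use, text.splitlines()) if m]
    # A mapping that supplies its own user or password is a separate logon;
    # one with neither reuses the identity of the interactive session.
    scripted = [m for m in mappings if m["user"] or m["embedded_password"]]
    return {
        "scripted_logons": len(scripted),
        "total_logons": 1 + len(scripted),  # plus the user's own logon
        "embedded_passwords": sum(m["embedded_password"] for m in mappings),
        "servers": sorted({m["server"] for m in mappings}),
    }


if __name__ == "__main__":
    print(audit_logon_script(SAMPLE_SCRIPT))
```

Run against only the two lines shown on the page, the audit reports two scripted logons and three logons in total, matching the count in Jack's example.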