Which of the following statements about single sign-on (SSO) is not true?
A. A user can sign on a system once and access other systems without re-authentication
B. An SSO user account causes more serious impact than non-SSO if breached
C. Systems require federation protocols to support SSO
D. A user can create multiple user accounts across systems that support SSO
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Systems require federation protocols to support SSO.
- Single Sign-On (SSO) is a system authentication feature that lets a user sign on to a system once and access other systems without re-authentication. It doesn’t mean a user has only one “user account” across the systems.
- Systems can be implemented with federation protocols to support SSO, but federation is not required.
- Logon scripts can achieve the purpose of SSO across completely independent or standalone systems without federation or trusts.
- Systems in a federation can maintain their own user accounts. Authorization can be done through the mapping of assertions.
- Active Directory is Microsoft’s implementation, which supports SSO with integrated identity. That is, a user with one user account can access resources across domains through trusts.
- Personal credential management systems are just password managers. They don’t provide SSO but facilitate or accelerate the authentication process by auto-filling the username and password.