You manage an Azure Active Directory (AD) tenant.
You plan to allow users to log in to a third-party application by using their Azure AD credentials. To access the application, users will be prompted for their existing third-party user names and passwords. You need to add the application to Azure AD. Which type of application should you add?
A. Existing Single Sign-On with identity provisioning
B. Password Single Sign-On with identity provisioning
C. Existing Single Sign-On without identity provisioning
D. Password Single Sign-On without identity provisioning
Explanation:
http://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
It’s Existing Single Sign-On without identity provisioning.
Provisioning is not mentioned in the Q and not supported…
A
* Azure AD supports two different modes for single sign-on:
/ Federation using standard protocols
Configuring Federation-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Azure AD using the user account information from Azure AD.
/ Password-based single sign-on
* Support for user provisioning
User provisioning enables automated user provisioning and deprovisioning of accounts in third-party SaaS applications from within the Azure Management Portal, using your Windows Server Active Directory or Azure AD identity information. When a user is given permissions in Azure AD for one of these applications, an account can be automatically created (provisioned) in the target SaaS application.
Reference: Application access enhancements for Azure AD
URL: http://msdn.microsoft.com/en-us/library/azure/dn308588.aspx
B is correct, I think. Not sure. A and C are for sure wrong, as the question is asking to set Azure AD credential signup. A and C are related to the federation service, which is not in the picture in this question. B looks correct because in this way Azure AD will store the password locally using the application's own credential store.
I believe it’s D.
Identity provisioning is not needed because the question mentions “their existing third-party user names and passwords” — in other words, accounts do not need to be created. Furthermore, the question doesn’t suggest that some kind of third-party account–AD account synchronisation is needed. That makes it C or D.
Next, the question says that users will “log in to [the] application by using their Azure AD credentials”. Here I assume that “log in” is talking about every time you use the application, like logging in to Windows. So AAD authentication is needed when they want to use the app.
But the question also says “to access the application, users will be prompted for their existing third-party user names and passwords”.
For the nuance of the word “access”, see this text (taken from https://azure.microsoft.com/en-us/documentation/articles/active-directory-appssoaccess-whatis/):
“Administrators can assign applications to end users or groups, and allow the end users to enter their own credentials directly upon accessing the application for the first time in their access panel.”
So when users want to use the application for the first time, they have to tell AAD what their application username and password are. From then on, users will log in by using their AAD credentials.
So that makes the answer D, because you’ll enter your username and password once, and AAD will store it for you. After that, you can log in by using your AAD credentials.