Question 77 of 179 from exam AZ-204: Developing Solutions for Microsoft Azure
Question
HOTSPOT - You are building a website to access project data related to teams within your organization.
The website does not allow anonymous access.
Authentication is performed using an Azure Active Directory (Azure AD) app named internal.
The website has the following authentication requirements: -> Azure AD users must be able to login to the website.
-> Personalization of the website must be based on membership in Active Directory groups.
You need to configure the application's manifest to meet the authentication requirements.
How should you configure the manifest? To answer, select the appropriate configuration in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
/question/img0026800001.png)
Explanations
/answer/img0026900001.png)
Box 1: groupMembershipClaims - Scenario: Personalization of the website must be based on membership in Active Directory groups.
Group claims can also be configured in the Optional Claims section of the Application Manifest.
Enable group membership claims by changing the groupMembershipClaim The valid values are: "All" "SecurityGroup" "DistributionList" "DirectoryRole" Box 2: oauth2Permissions - Scenario: Azure AD users must be able to login to the website.
oauth2Permissions specifies the collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps.
These permission scopes may be granted to client apps during consent.
Incorrect Answers: oauth2AllowImplicitFlow.
oauth2AllowImplicitFlow specifies whether this web app can request OAuth2.0 implicit flow access tokens.
The default is false.
This flag is used for browser-based apps, like Javascript single-page apps.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-group-claims