Enable Single Sign-On for Azure AD and AD DS | Microsoft Azure Architect Design Exam AZ-304 Solution

Configure Single Sign-On for Company Users

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.

Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.

You need to enable single sign-on (SSO) for company users.

Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication.

Does the solution meet the goal?

Answers

A. Yes
B. No

Explanations

B

Instead, install and configure an Azure AD Connect server.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso

The proposed solution does not meet the stated goal of enabling single sign-on (SSO) for company users.

The proposed solution involves configuring an Active Directory Domain Services (AD DS) server in an Azure virtual machine (VM) and configuring bidirectional replication. This would allow for synchronization of user account information between on-premises AD DS and Azure AD. However, this solution does not enable SSO for cloud apps when users are on their corporate desktops that are connected to the corporate network.

To achieve the goal of enabling SSO for company users, the following steps are needed:

  1. Connect the on-premises AD DS domain to Azure AD using Azure AD Connect. This will synchronize user accounts and passwords from on-premises AD DS to Azure AD.

  2. Configure Active Directory Federation Services (AD FS) to allow for authentication between on-premises AD DS and cloud-based applications. AD FS allows users to authenticate once with their on-premises credentials and then access cloud-based applications without having to enter their credentials again.

  3. Configure desktops on the corporate network to use the AD FS server for SSO. This involves configuring the desktops to trust the AD FS server as an identity provider and configuring the web browsers on the desktops to allow for SSO.

By following these steps, users will be able to access cloud-based applications from their corporate desktops without having to enter their credentials again, achieving the goal of enabling SSO for company users.

Therefore, the proposed solution does not meet the goal, and the answer is B. No.