
2v0-2123 Exam - Question 18


An administrator is tasked with configuring an appropriate Single Sign-On (SSO) solution for VMware vCenter based on the following criteria:

The solution should support the creation of Enhanced Linked Mode groups.

All user accounts are stored within a single Active Directory domain and the solution must support only this Active Directory domain as the identity source.

All user account password and account lockout policies must be managed within the Active Directory domain.

The solution should support token-based authentication.

Which SSO solution should the administrator choose based on the criteria?

Correct Answer: A

The administrator should choose vCenter Identity Provider Federation with Active Directory Federation Services (ADFS) as the identity provider. This solution supports the creation of Enhanced Linked Mode groups, uses only Active Directory as the identity source, and allows Active Directory to manage user account password and account lockout policies. Additionally, ADFS supports token-based authentication, so the solution meets all the specified criteria.

Discussion

11 comments
ktsky (Option: A)
May 31, 2023

"In vCenter Server Identity Provider Federation, vCenter Server uses the OpenID Connect (OIDC) protocol to receive an identity token that authenticates the user with vCenter Server." Integrated Windows Authentication has been deprecated since vSphere 7.0: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-157188E3-531C-4CC2-BDD4-8BF01EA26BDC.html

kernelkraut (Option: A)
Aug 8, 2023

Who is choosing these answers? Only A (ADFS) is token based...

michael24 (Option: C)
May 31, 2023

C: the requirement to only allow logins from that specific AD

michael24
Jun 1, 2023

Yeah, totally missed the token requirement. Switching my answer to A.

RJB71
Jul 21, 2024

It says "should support", not that it's a requirement, but I don't see why B isn't the answer and just use 1 AD URL as the domain -

payam (Option: A)
Aug 12, 2023

https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-C5E998B2-1148-46DC-990E-A5DB71F93351.html

MalGil (Option: A)
May 29, 2024

C is deprecated, why is it showing as the correct answer?

DesolateMarauder (Option: A)
Jul 21, 2023

A. vCenter Identity Provider Federation with Active Directory Federation Services as the identity provider.

DesolateMarauder
Jul 21, 2023

Option A involves using vCenter Identity Provider Federation, which supports token-based authentication, and utilizes Active Directory Federation Services (ADFS) as the identity provider. ADFS enables token-based authentication, allowing users to obtain security tokens to access vCenter resources. This solution satisfies all the criteria, including supporting Enhanced Linked Mode groups, using a single Active Directory domain as the identity source, managing user account policies within Active Directory, and supporting token-based authentication.

[Removed]
Aug 30, 2023

vCenter Server Identity Provider Federation and Enhanced Linked Mode: https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-4B4E336B-75E4-47D9-9BDE-E835071E71F9.html

ohenriquez65 (Option: C)
Nov 18, 2023

Ima is deprecated, why is it the right answer?

FR_Wolfman (Option: A)
Nov 21, 2023

Answer A. It is the only way to bypass the vCenter SSO, and use Active Directory as the only identity source.

elekgeek (Option: A)
Feb 8, 2024

Token-based ---> AD FS

RJB71 (Option: B)
Jul 21, 2024

I don't see what's wrong with B - when LDAP accepts token authentication. And identity sources can use 1 link to the domain. It says the solution SHOULD support token-based auth and LDAP does this.