Exam 2v0-2123
Question 18

An administrator is tasked with configuring an appropriate Single Sign-On (SSO) solution for VMware vCenter based on the following criteria:

The solution should support the creation of Enhanced Linked Mode groups.

All user accounts are stored within a single Active Directory domain and the solution must support only this Active Directory domain as the identity source.

All user account password and account lockout policies must be managed within the Active Directory domain.

The solution should support token-based authentication.

Which SSO solution should the administrator choose based on the criteria?

    Correct Answer: A

    The administrator should choose vCenter Identity Provider Federation with Active Directory Federation Services (ADFS) as the identity provider. This solution supports the creation of Enhanced Linked Mode groups, uses only Active Directory as the identity source, and allows Active Directory to manage user account password and account lockout policies. Additionally, ADFS supports token-based authentication, which meets all the specified criteria.

Discussion
ktsky Option: A

"In vCenter Server Identity Provider Federation, vCenter Server uses the OpenID Connect (OIDC) protocol to receive an identity token that authenticates the user with vCenter Server." Integrated Windows Authentication is deprecated since vSphere 7.0: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-157188E3-531C-4CC2-BDD4-8BF01EA26BDC.html

kernelkraut Option: A

Who is choosing these answers? Only A (ADFS) is token based...

MalGil Option: A

C is deprecated, why is it showing as the correct answer?

payam Option: A

https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-C5E998B2-1148-46DC-990E-A5DB71F93351.html

michael24 Option: C

C: the requirement to only allow logins from that specific AD

michael24

Yeah, totally missed the token requirement. Switching my answer to A.

RJB71

It says "should support", not that it's a requirement, but I don't see why B isn't the answer and just use 1 AD URL as the domain -

RJB71 Option: B

I don't see what's wrong with B - when LDAP accepts token authentication. And identity sources can use 1 link to the domain. It says the solution SHOULD support token based auth and LDAP does this

elekgeek Option: A

Token-based ---> AD FS

FR_Wolfman Option: A

Answer A. It is the only way to bypass the vCenter SSO, and use Active Directory as the only identity source.

ohenriquez65 Option: C

Ima is deprecated, why is it the right answer

[Removed]

vCenter Server Identity Provider Federation and Enhanced Linked Mode https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-4B4E336B-75E4-47D9-9BDE-E835071E71F9.html

DesolateMarauder Option: A

A. vCenter Identity Provider Federation with Active Directory Federation Services as the identity provider.

DesolateMarauder

Option A involves using vCenter Identity Provider Federation, which supports token-based authentication, and utilizes Active Directory Federation Services (ADFS) as the identity provider. ADFS enables token-based authentication, allowing users to obtain security tokens to access vCenter resources. This solution satisfies all the criteria, including supporting Enhanced Linked Mode groups, using a single Active Directory domain as the identity source, managing user account policies within Active Directory, and supporting token-based authentication.