Q: 3
When users are authenticated using SAML, what are the two most efficient ways of provisioning the
users?
Options
Discussion
Nah, I think D is right here. SCIM is made for auto user management and SAML autoprovisioning handles just-in-time cases-way more efficient than directory sync for SAML users. C mixes in classic syncing but isn't as direct for this context.
C or D? D probably fits SAML provisioning better since SCIM plus JIT is streamlined but directory sync (C) feels like a common trap here.
C/D? I'm pretty sure D is more efficient for SAML auth since SCIM automates provisioning and SAML JIT covers instant onboarding, but C trips people up because directory sync seems thorough. Directory sync can miss users who never log in through AD though. Happy to hear if folks have seen C work better for SAML-only environments.
C tbh. Directory Server Synchronization plus SCIM sounded like the best combo when I did labs, since SCIM does automated cloud provisioning and directory sync covers AD. Official guide mentions both, might have missed something about JIT but I'm not sure it's needed with strong directory sync. Anyone else pick C from practice exams?
C. wouldn't Directory Sync plus SCIM be more comprehensive? SAML JIT feels optional if you're syncing the user base.
I get where you're coming from, Jack. SAML autoprovisioning (JIT) kicks in only when users first authenticate via SAML, so if initial onboarding needs to be hands-off, D makes sense. Directory sync is good for bulk updates but doesn't catch users who join through SAML only. Pretty sure that's why SCIM plus SAML autoprovisioning is a better fit here, but correct me if I've misunderstood.
D imo, since both SCIM and SAML autoprovisioning are the most automated for SAML users. Can't think of a more efficient combo.
B . SAML plus Hosted User DB looks efficient since it keeps things simple and both are supported for auth and provisioning. I think the trap is assuming you always need SCIM when just using SAML might handle it too. Not totally sure though, maybe someone can clarify if Directory Sync is really needed here.
D
Pretty sure D is correct, saw a similar question in an older exam set.
Be respectful. No spam.
