Final answer:
The most secure option for the enterprise situation is using an SSO application that supports multifactor authentication. This leverages the web-based application's SAML support to add MFA without altering the application's sign-in procedures.
Step-by-step explanation:
The question is about securing a web-based application using multifactor authentication (MFA) when direct changes to the application's sign-in page aren't possible but the application supports Security Assertion Markup Language (SAML). The best option here is A: using an SSO application that supports multifactor authentication. With a Single Sign-On (SSO) solution that integrates with SAML and supports MFA, users authenticate once to the central SSO service, which applies the additional authentication factors, and then access the web-based application securely without further sign-in prompts. This avoids modifying the application directly and leverages its existing SAML support.
Option B, enabling LDAP integration, would centralize authentication but would not necessarily add MFA. Option C, enforcing stronger passwords, improves security but is not related to MFA. Option D, deploying Shibboleth, could be a possible solution, but it is broader in scope than needed for a single application and does not directly address the need for MFA if it's not configured to support it.
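Because the application only sees the SAML assertion, one way to audit that the SSO service really applied MFA is to check the assertion's `AuthnContextClassRef`. The following is an added example, not part of the original answer; it assumes the assertion's signature was already verified by the SAML library, and the set of context classes treated as MFA is a local policy choice.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
REF_PATH = (f".//{{{SAML_NS}}}AuthnStatement/{{{SAML_NS}}}AuthnContext/"
            f"{{{SAML_NS}}}AuthnContextClassRef")

# Assumption: local policy decides which context classes count as MFA.
MFA_CONTEXTS = {
    "https://refeds.org/profile/mfa",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
}

def authn_context_refs(assertion_xml):
    """Return every AuthnContextClassRef value found in the assertion."""
    # Signed SAML never needs a DTD; refuse it to avoid entity-expansion tricks.
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("DOCTYPE not allowed in SAML assertions")
    root = ET.fromstring(assertion_xml)
    return [(el.text or "").strip() for el in root.findall(REF_PATH)]

def mfa_satisfied(assertion_xml):
    """True only if at least one AuthnStatement exists and all are MFA classes."""
    refs = authn_context_refs(assertion_xml)
    return bool(refs) and all(ref in MFA_CONTEXTS for ref in refs)

def sample_assertion(class_ref):
    """Build a constructed (unsigned, illustrative) assertion for the demo."""
    stmt = "" if class_ref is None else (
        '<saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">'
        "<saml:AuthnContext><saml:AuthnContextClassRef>"
        f"{class_ref}</saml:AuthnContextClassRef></saml:AuthnContext>"
        "</saml:AuthnStatement>")
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_constructed" '
            'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
            "<saml:Issuer>https://idp.example.test</saml:Issuer>"
            f"{stmt}</saml:Assertion>")

if __name__ == "__main__":
    password_only = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    for label, ref in [("mfa", "https://refeds.org/profile/mfa"),
                       ("password only", password_only),
                       ("no AuthnStatement", None)]:
        print(f"{label:18} -> MFA satisfied: {mfa_satisfied(sample_assertion(ref))}")
```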