A company wants employees to sign in once with corporate credentials and access multiple SaaS apps without creating separate passwords for each service. Which two features best support this goal? Select two.

Shared generic accounts for each department.

Shared accounts weaken accountability because actions cannot be tied to one person. They also create password-sharing risks and make it harder to revoke access cleanly when people leave.

Storing the same password inside every SaaS application.

Duplicating passwords across services increases the chance of reuse and compromise. If one application is breached, attackers may reuse the credentials elsewhere.

Disabling MFA so the sign-in process is faster.

Disabling MFA reduces security and is not required for SSO. A secure architecture typically keeps MFA in place because centralized sign-in should still be strongly protected.

What does this SY0-701 question test?

Read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Federation trust between the corporate identity provider and the SaaS provider. — Federation and single sign-on are the best fit because they let the company use one trusted identity source for multiple cloud services. Federation establishes the trust relationship between the provider and the SaaS app, while SSO reduces repeated prompts for the user. This design improves usability and security at the same time because the organization keeps authentication centralized and easier to manage. Why others are wrong: Shared accounts and password duplication make access harder to audit and easier to abuse. Disabling MFA would weaken the overall design instead of improving it. The main objective is centralized, trusted authentication, not convenience through weaker controls.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.