A manufacturer wants partner-company users to access a procurement portal. The manufacturer does not want to create separate local accounts, and the partners want to authenticate their own users with existing corporate identities. Which two capabilities should be implemented? Select two.

Create a separate local account for every partner employee and store the passwords internally.

This duplicates identity management and defeats the goal of using partner-managed identities.

Use a shared generic partner login for each company to simplify support.

Shared accounts reduce accountability and make access revocation and auditing far harder.

Require partners to email screenshots of their credentials to request access.

Manual credential handling is insecure, unscalable, and inappropriate for production access control.

What does this SY0-701 question test?

Authentication checks who the user is.

What is the correct answer to this question?

The correct answer is: Trust the partner identity providers through federation and accept their assertions. — B and D are the best choices because they support partner authentication without local account sprawl. Federation allows the manufacturer to trust identity assertions from partner organizations, while role or group mapping converts those authenticated identities into the correct portal permissions. This approach preserves accountability, improves user experience, and avoids creating separate passwords for every external user. Why others are wrong: A and C both increase account management overhead and weaken accountability. E is obviously insecure and has no place in a real access design. The requirement is to leverage partner identities while still controlling authorization inside the portal, which is exactly what B and D accomplish.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.