Your organization wants to use Microsoft Entra ID to authenticate users from a partner company that uses its own identity provider. Which federation standard should you use?
SAML 2.0 is commonly used for federation between identity providers.
Why this answer
SAML 2.0 is the correct federation standard because it enables cross-organization authentication by allowing Microsoft Entra ID to trust assertions from a partner company's own identity provider. SAML 2.0 is specifically designed for enterprise federation scenarios where an external IdP authenticates users and sends a SAML assertion to Entra ID for access.
Exam trap
The trap here is that candidates confuse OpenID Connect (which is for modern app authentication) with SAML 2.0 (which is the standard for enterprise federation between separate identity providers), especially when the question mentions 'federation' and 'partner company using its own identity provider'.
How to eliminate wrong answers
Option A is wrong because OAuth 2.0 is an authorization framework, not an authentication protocol; it issues access tokens for delegated access but does not provide user identity assertions. Option B is wrong because SCIM (System for Cross-domain Identity Management) is a provisioning standard for automating user identity lifecycle management, not for authentication or federation. Option C is wrong because OpenID Connect is an authentication layer built on OAuth 2.0, but it is optimized for modern applications and social logins, not for the enterprise federation scenario where a partner company uses its own identity provider with SAML 2.0 assertions.