In a federated network, which entity holds the user account and performs authentication?

• A. Identity Provider (IdP)
• B. Service Provider (SP)
• C. Federation Authority
• D. Access Gateway

Answer: (A)

In federated identity, the Identity Provider is the one that holds user accounts and handles authentication. The IdP stores user credentials, verifies them when you sign in (often with MFA), and after successful authentication issues a signed assertion or token that proves who you are. The Service Provider trusts that assertion to grant you access, so it doesn’t need to know or manage your credentials itself. This separation—authentication and account storage by the IdP, with the Service Provider relying on the IdP’s assertion—enables single sign-on across multiple services. The other roles aren’t responsible for maintaining user accounts in this flow: the Service Provider is the resource relying on the IdP, the Federation Authority isn’t the standard component that authenticates users, and an Access Gateway is more of an access-control gateway than the credential holder and authenticator in a federated system.