What is one key concept of federation in identity management?

The concept of federation in identity management is fundamentally about enabling users to authenticate and access services across different domains or systems without needing to maintain separate sets of credentials for each one. This is achieved through technologies that facilitate single sign-on (SSO) mechanisms.

When federation is implemented, an identity provider (IdP) authenticates a user once, and then that user's authentication can be utilized across various service providers (SPs). This streamlines the user experience, as they do not have to log in multiple times when accessing different applications or services associated with different organizations or domains.

The other options do not represent the essence of federation correctly. Restricting access to a single domain contradicts the principle of federation, which is about enabling access across multiple domains. Simplifying accounting processes is not a primary focus of federated identity management; instead, it mainly deals with user authentication and authorization. Lastly, while federation involves various security protocols to ensure secure communication and authentication (such as SAML or OAuth), it does not eliminate the need for these protocols but rather depends on them to function effectively.