In Microsoft SCI terminology, authorization is the stage that answers "what can this authenticated user do?" Microsoft Learn explains that authorization is "the process of determining what a user is allowed to do or access after they have been authenticated" and governs access to specific resources (apps, APIs, data) through policies such as role assignments, permissions, and Conditional Access. By contrast, authentication is "the process of proving identity," for example by entering a password, using MFA, or presenting a certificate; authentication verifies who the user is, not what they can access.

SCI guidance further clarifies adjacent concepts: single sign-on (SSO) streamlines the authentication experience by allowing a user to sign in once and then access multiple applications without repeated prompts; it does not decide the user's rights within those apps. Federation establishes trust between identity providers and service providers to enable cross-domain authentication, but authorization decisions still occur based on the receiving service's policies and the user's claims/roles.

Therefore, when the sentence asks for "the process of identifying whether a signed-in user can access a specific resource," the correct concept is authorization, because it evaluates the user's permissions and enforces access control after successful authentication.