Explanation:

When building a business case for purchasing a third-party Identity Provider (IdP), the architect should focus on the core enterprise security and productivity benefits that such a solution provides. One of the key advantages of an IdP is that it enables centralized authentication across multiple applications (✅ Option A). Rather than users managing separate credentials for each business app, the IdP can act as a single source of authentication, streamlining access and improving security. This is especially valuable for organizations like Universal Containers that use multiple internal and external apps — including Salesforce — and want a single sign-on (SSO) experience.

Another major benefit is the ability to centralize password policies across the enterprise (✅ Option D). With an IdP, organizations can enforce consistent password complexity, expiration, and MFA policies for all connected applications. This reduces administrative overhead, increases security, and ensures compliance with IT and regulatory standards. These two capabilities — centralized authentication and centralized password policy enforcement — are foundational to modern identity and access management.

The other options, while related to identity, are less relevant or not core to IdP functionality:

Option B (authenticating social media accounts) pertains more to consumer identity providers (like Facebook or Google) than enterprise-grade IdPs.

Option C (storing credentials) is more of a password vault feature, not a function of a true SAML/OIDC-based IdP, which relies on token-based authentication, not credential storage.