Notifications
Clear all
Topic starter
Your organization uses Active Directory to authenticate users. Users’ Google account access must be removed when their Active Directory account is terminated.
How should your organization meet this requirement?
- A . Configure two-factor authentication in the Google domain
B. Remove the Google account from all IAM policies
C. Configure BeyondCorp and Identity-Aware Proxy in the Google domain
D. Configure single sign-on in the Google domain
Suggested Answer: D
Explanation:
Configure single sign-on in the Google domain
Single sign-on: Whenever a user needs to authenticate, Google Cloud delegates the authentication to Active Directory by using the Security Assertion Markup Language (SAML) protocol. This delegation ensures that only Active Directory manages user credentials and that any applicable policies or multi-factor authentication (MFA) mechanisms are being enforced. For a sign-on to succeed.
Explanation:
Configure single sign-on in the Google domain
Single sign-on: Whenever a user needs to authenticate, Google Cloud delegates the authentication to Active Directory by using the Security Assertion Markup Language (SAML) protocol. This delegation ensures that only Active Directory manages user credentials and that any applicable policies or multi-factor authentication (MFA) mechanisms are being enforced. For a sign-on to succeed.
https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-introduction
Reference Link- https://cloud.google.com/architecture/identity/single-sign-on
Posted : 11/02/2023 1:40 pm