Exam Professional Cloud Security Engineer topic 1 question 288 discussion

Workforce Identity Federation is designed for managing external workforce identities, such as contractors or business partners, not public-facing end-users. Therefore, cannot be B.

Option B suggests federating the customers' identity provider (IdP) with Workforce Identity Federation in your application's project. While Workforce Identity Federation is a powerful tool for integrating external identity providers, it is primarily designed for managing access to Google Cloud resources by external identities, such as contractors or partners, rather than managing end-user identities for an application. Using a customer identity and access management tool (CIAM) like Identity Platform (Option D) is more appropriate because it is specifically designed to handle both corporate and public end-user identities. It provides features like multi-factor authentication, user management, and integration with various identity providers, making it a comprehensive solution for managing diverse user bases.

For an application serving both corporate and public end-users, a Customer Identity and Access Management (CIAM) solution is the best approach. Google Cloud Identity Platform provides the tools necessary to centrally manage user authentication and authorization while supporting both corporate and public users. B. Federate the customers' identity provider (IdP) with Workforce Identity Federation in your application's project. Workforce Identity Federation is intended for internal workforce users (employees, contractors) to access Google Cloud resources, not for managing application users. It does not support public users, making it unsuitable for this use case.

Torn b/w B & D. B just doesn't address the public end users at all. Question seems poorly written (who are the customers..)

D is incorrect: the question specifically highlights the need for corporate users to access the application using their corporate user credentials, which is best addressed through Workforce Identity Federation.

"the application will have both corporate AND PUBLIC END-USERS". This means that the solution applies to Identity Platform, therefore D.

Obviously it's D. - Identity Platform : A customer identity and access management (CIAM) platform that lets users sign in to your applications and services. This is ideal for users who want to be their own identity provider, or who need the enterprise-ready functionality Identity Platform provides. - Workforce Identity Federation : This is an IAM feature that lets you configure and secure granular access for your workforce—employees and partners—by federating identities from an external identity provider (IdP).

B is correct - By federating your customers' IdP with WIF, you can provide a seamless authentication experience for your users while maintaining control over identity and access management in your Google Cloud environment.

I think it's B.