Your organization uses Active Directory to authenticate users. Users' Google account access must be removed when their Active Directory account is terminated. How should your organization meet this requirement?
A. Configure two-factor authentication in the Google domain
B. Remove the Google account from all IAM policies
C. Configure BeyondCorp and Identity-Aware Proxy in the Google domain
SSO allows for centralized user management, where user accounts and access permissions are managed in a single identity provider (such as Active Directory). When a user's Active Directory account is terminated, SSO provides a centralized point to revoke access across multiple applications and services, including Google accounts.
When you use SSO, you are redirected to an external Identity Provider. In this question, it is Microsoft AD. A SAML assertion is sent to Google Cloud once the user is authenticated.
Per the Google Docs article, Federating Google Cloud with Active Directory: "This article describes how you can configure Cloud Identity or Google Workspace to use Active Directory as IdP and authoritative source.
The article compares the logical structure of Active Directory with the structure used by Cloud Identity and Google Workspace and describes how you can map Active Directory forests, domains, users, and groups. The article also provides a flowchart that helps you determine the best mapping approach for your scenario."
https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-introduction
The correct answer should be "Setting up federation between Active Directory and Cloud Identity or Google Workspace". To do that, you have to enable automatic users provisioning and SSO.
The question asked to provide a solution to remove users' Google account access when their Active Directory account is terminated. So, option 'C' should be correct as BeyondCorp and Identity Aware Proxy are focused solutions to manage Identity and implement a Zero trust model.
Your organization uses Active Directory to authenticate users.
Then you need to use single sign-on (SSO), an authentication scheme that allows a user to log in with a single ID and password to different systems and software.
SSO allows IT departments to administer a single identity that can access many machines and cloud services.