Exam Professional Cloud Security Engineer topic 1 question 105 discussion

Third-party identity providers If you have a third-party IdP, you can still configure SSO for third-party apps in the Cloud Identity catalog. User authentication occurs in the third-party IdP, and Cloud Identity manages the cloud apps. To use Cloud Identity for SSO, your users need Cloud Identity accounts. They sign in through your third-party IdP or using a password on their Cloud Identity accounts. https://cloud.google.com/identity/solutions/enable-sso

I think the correct answer is A and C. The questions asks about what is required with third-party IdP to authenticate the gcloud commands. So the gcloud command requests goes to GCP. Since GCP is integrated with Third-party IdP for authentication gcloud command needs to be authenticated with third-party IdP. This can be achieved if ThridPaty IdP supports SAML and OIDC protocols .

Selected Answer: AE

SSO SAML as a third-party IdP: This option ensures that the authentication mechanism used is SAML, which is required for third-party IdP integration. Cloud Identity: This provides the underlying infrastructure to integrate and manage identities with third-party SAML IdPs, enabling SSO authentication.

C. OpenID Connect E. Cloud Identity A. SSO SAML as a third-party IdP: While it accurately describes the desired authentication but It represents the outcome we want to achieve, not the solution itself.

OpenID is a different SSO protocol. We need SAML.

It specifically requires the SAML protocol. OpenID is another SSO protocol.

Options B, C, and D are not directly related to setting up authentication using a third-party SSO SAML identity provider. Identity Platform (option B) is a service for authentication and user management, OpenID Connect (option C) is another authentication protocol, and Identity-Aware Proxy (option D) is a service for managing access to Google Cloud resources but is not specifically related to SSO SAML authentication with a third-party IdP.

AE is the correct

"A,E" The requirement is for an SSO - SAML solution with a third party IDP. A- This is correct because it provides the right type of 3rd party partners. B - Not sufficient because not any IDP will suffice. Must be able to support SAML and SSO. C- OIDC is an option by not critical or a hard requirement. The questions asks about what is "..necessary..". D- IAP is not related to authentication mechanism but rather authorization. This is not the use case for it. E- This is needed on the receiving end in GCP to collaborate with 3rd party IDP (that has SAML SSO) https://cloud.google.com/identity/solutions/enable-sso

OpenID Connect has to be there. so A and C

Open ID seems to be necessary

A. SSO SAML as a third-party IdP: This option is necessary because it specifies that you want to use SAML-based SSO with a third-party IdP. C. OpenID Connect: This option is necessary to ensure that the third-party IdP supports OpenID Connect, which is a protocol for authentication and authorization. Therefore, the correct options are A and C.

https://cloud.google.com/certificate-authority-service/docs/tutorials/using-3pi-with-reflection#set-up-wip https://cloud.google.com/identity/solutions/enable-sso#solutions Nothing supports E to satisfy the requirements othe question

AE https://cloud.google.com/identity/solutions/enable-sso Third-party identity providers If you have a third-party IdP, you can still configure SSO for third-party apps in the Cloud Identity catalog. User authentication occurs in the third-party IdP, and Cloud Identity manages the cloud apps. To use Cloud Identity for SSO, your users need Cloud Identity accounts. They sign in through your third-party IdP or using a password on their Cloud Identity accounts.

answer is A and C.

To provide users with SSO-based access to selected cloud apps, Cloud Identity as your IdP supports the OpenID Connect (OIDC) and Security Assertion Markup Language 2.0 (SAML) protocols. https://cloud.google.com/identity/solutions/enable-sso