Your organization uses Active Directory to authenticate users. Users' Google account access must be removed when their Active Directory account is terminated.
How should your organization meet this requirement?
To ensure that users' Google account access is automatically removed when their Active Directory account is terminated, configuring single sign-on (SSO) in the Google domain is the most effective solution. This approach centralizes user authentication and management, leveraging Active Directory as the authoritative source. When a user's Active Directory account is deactivated, their Google account access will also be revoked, as the SSO setup relies on Active Directory for authentication.
D seems correct https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-configuring-single-sign-on
SSO allows for centralized user management, where user accounts and access permissions are managed in a single identity provider (such as Active Directory). When a user's Active Directory account is terminated, SSO provides a centralized point to revoke access across multiple applications and services, including Google accounts.
Per Google Docs article, Federating Google Cloud with Active Directory. "This article describes how you can configure Cloud Identity or Google Workspace to use Active Directory as IdP and authoritative source. The article compares the logical structure of Active Directory with the structure used by Cloud Identity and Google Workspace and describes how you can map Active Directory forests, domains, users, and groups. The article also provides a flowchart that helps you determine the best mapping approach for your scenario." https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-introduction
Your organization uses Active Directory to authenticate users. Then you need to use single sign-on (SSO). SSO is an authentication scheme that allows a user to log in with a single ID and password to different systems and software. SSO allows IT departments to administer a single identity that can access many machines and cloud services.
The correct answer should be "Setting up federation between Active Directory and Cloud Identity or Google Workspace". To do that, you have to enable automatic users provisioning and SSO.
SSO means federation between AD and Cloud ID, so it is the correct answer.
Go for D
The question asked to provide a solution to remove users' Google account access when their Active Directory account is terminated. So, option 'C' should be correct, as BeyondCorp and Identity-Aware Proxy are focused solutions to manage identity and implement a zero trust model.
The correct answer is D. If you have SSO configured, once a user's AD account is terminated, their access is removed from all services using AD.
SSO is the answer
D is correct
Using SSO would help in removing access once the account is no longer active.
D. Configure single sign-on in the Google domain
D is correct
SSO is correct as deletion of AD account will remove access from GCP as well.
D is correct
Answer is D
When you use SSO, you are redirected to an external identity provider. In this question, it is Microsoft AD. A SAML assertion is sent to Google Cloud once the user is authenticated.
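
An added example, not part of the original thread or of Google's documentation: a reconciliation check that compares an Active Directory export with a Google user list and reports Google accounts that are still active although the matching AD account is disabled or missing. It assumes the Google primary email equals the AD userPrincipalName; the function name and all sample records are constructed for illustration.

```python
"""Offline reconciliation: AD account state vs. Google account state."""

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set when an AD account is disabled

# Constructed sample: attributes as exported from Active Directory.
AD_USERS = [
    {"userPrincipalName": "alice@example.com", "userAccountControl": 0x0200},
    {"userPrincipalName": "bob@example.com", "userAccountControl": 0x0202},    # disabled
    {"userPrincipalName": "carol@example.com", "userAccountControl": 0x0202},  # disabled
]

# Constructed sample: fields named as in Directory API user resources.
GOOGLE_USERS = [
    {"primaryEmail": "alice@example.com", "suspended": False},
    {"primaryEmail": "Bob@example.com", "suspended": False},
    {"primaryEmail": "carol@example.com", "suspended": True},
    {"primaryEmail": "dave@example.com", "suspended": False},  # no AD account at all
]


def find_stale_google_accounts(ad_users, google_users):
    """Return sorted (email, reason) pairs for active Google accounts
    that have no enabled AD account behind them.

    Assumption: Google primaryEmail equals the AD userPrincipalName
    (compared case-insensitively).
    """
    ad_enabled = {}
    for user in ad_users:
        upn = user["userPrincipalName"].lower()
        ad_enabled[upn] = not (int(user["userAccountControl"]) & ACCOUNTDISABLE)

    findings = []
    for g in google_users:
        if g.get("suspended"):
            continue  # access already removed on the Google side
        email = g["primaryEmail"].lower()
        if email not in ad_enabled:
            findings.append((email, "no matching AD account"))
        elif not ad_enabled[email]:
            findings.append((email, "AD account disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for email, reason in find_stale_google_accounts(AD_USERS, GOOGLE_USERS):
        print(f"{email}: {reason}")
```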