Exam: Cloud Digital Leader
Your organization uses Active Directory to authenticate users. (Digital Leader)
Your organization uses Active Directory to authenticate users. Users' Google account access must be removed when their Active Directory account is terminated.
How should your organization meet this requirement?
A) Configure two-factor authentication in the Google domain.
B) Remove the Google account from all IAM policies.
C) Configure BeyondCorp and Identity-Aware Proxy in the Google domain.
D) Configure single sign-on in the Google domain.
Solution
Correct answer: D) Configure single sign-on in the Google domain.
Here's why SSO is the correct solution:
Centralized Authentication: SSO allows users to access multiple applications, including Google services, using their Active Directory credentials. This means that when an Active Directory account is terminated, the user's access to all linked applications, including their Google account, is automatically revoked.
Seamless Integration: SSO seamlessly integrates Active Directory with Google's authentication system, eliminating the need for separate logins and ensuring consistent access management.
Enhanced Security: SSO lowers the risk of unauthorized access and password fatigue by reducing the number of passwords users need to manage.
Why the other options are not suitable:
A - Configure two-factor authentication: While two-factor authentication (2FA) adds an extra layer of security, it doesn't address the specific requirement of automatically removing Google account access upon Active Directory termination.
B - Remove the Google account from all IAM policies: This would manually revoke access, but it's not an automated solution and could be prone to errors or delays.
C - Configure BeyondCorp and Identity-Aware Proxy: These technologies are primarily focused on securing access to internal resources based on device and user trust, rather than managing user account terminations.
By configuring SSO, your organization can ensure that Google account access is automatically and consistently aligned with Active Directory account status, enhancing security and simplifying access management.
Category: Google Cloud security and operations