
Answer-first summary for fast verification
Answer: Configure workforce identity federation with the external IdP, and set up attribute mapping.
Workforce Identity Federation is designed to let employees (the workforce) access Google Cloud through an external identity provider (IdP). With attribute mapping configured, user attributes such as name and photo are passed from the external IdP to Google Cloud, which personalizes the sign-in experience. Workload Identity Federation (Option C) is intended for non-human workloads, not user access. Per-user service accounts (Option B) are impractical and are not meant for human users. Creating a Google group (Option D) does not integrate with the external IdP and requires separate credentials.
Author: LeetQuiz Editorial Team
Your organization manages users and groups through an external identity provider (IdP). You need to enable Google Cloud console access for all employees using this external IdP while customizing the sign-in experience to display each user's name and photo. What steps should you take?
A. Configure workforce identity federation with the external IdP, and set up attribute mapping.
B. Configure a service account for each individual by using the user name and photo, and grant permissions for each user to impersonate their respective service accounts.
C. Configure workload identity federation to get the external IdP tokens, and use these tokens to sign in to the Google Cloud console.
D. Create a Google group that includes organization email IDs for all users. Ask users to use the same name, work email ID, and password to register and sign in.