Answer: Install Google Cloud Directory Sync and connect it to Active Directory and Cloud Identity., Create Identity and Access Management (IAM) roles with permissions corresponding to each Active Directory group.

The question requires integrating on-premises Active Directory with Google Cloud for identity and access management. Option C (Install Google Cloud Directory Sync) is essential as it synchronizes users and groups from Active Directory to Cloud Identity, enabling the use of AD as an identity provider. Option D (Create IAM roles with permissions corresponding to each Active Directory group) is optimal because GCDS syncs AD groups to Cloud Identity, and IAM roles can then be assigned directly to these synced groups for granular access control. This avoids redundancy (Option E, creating separate IAM groups, is unnecessary since groups are synced) and aligns with Google Cloud best practices. Option A (Identity Platform) is for customer identity management, not enterprise AD integration. Option B (Cloud Identity SAML) handles authentication but not provisioning, and the community discussion highlights that SAML is for SSO, not the synchronization required here. The consensus from highly upvoted comments (e.g., CD at 53% vs. CE at 43%) supports CD, emphasizing that GCDS syncs groups and roles are assigned to them, not recreated.

Author: LeetQuiz Editorial Team