
Explanation:
The question requires a solution to centrally manage identities and authorizations for both corporate and public end-users, with corporate users accessing via their existing corporate credentials.
Option D (using Identity Platform) is optimal because it is specifically designed as a Customer Identity and Access Management (CIAM) tool that supports both corporate identities (via federation with external IdPs) and public end-users, providing centralized management, multi-factor authentication, and user management features.
Option B (Workforce Identity Federation) is less suitable as it is intended for workforce identities (employees, contractors) accessing Google Cloud resources, not for managing application end-users, and it does not support public users.
Option A (domain restricted sharing) only restricts sharing within domains and does not address identity management.
Option C is incorrect as Google Workspace identities alone cannot filter out personal accounts effectively for this use case.
The community discussion strongly supports D (73% consensus) with detailed reasoning that CIAM tools like Identity Platform are designed for this exact scenario.
Your organization is developing an application for both corporate and public end-users, and you need to centrally manage their identities and authorizations. Corporate users must access the application using their existing corporate username and domain. What should you do?
A. Add the corporate and public end-user domains to domain restricted sharing on the organization.
B. Federate the customers' identity provider (IdP) with Workforce Identity Federation in your application's project.
C. Do nothing. Google Workspace identities will allow you to filter personal accounts and disable their access.
D. Use a customer identity and access management tool (CIAM) like Identity Platform.