
Answer-first summary for fast verification
Answer: Configure the central identity provider as a workforce identity pool provider in Workforce Identity Federation. Create an attribute mapping by using the Common Expression Language (CEL).
Option A is correct because Workforce Identity Federation specifically addresses the requirement to use an external identity provider without syncing identities to Google Cloud, while enabling attribute-based access control using Common Expression Language (CEL). This aligns with the scenario's key constraints: no identity synchronization and attribute-based permissions. The community discussion strongly supports A with 100% consensus and upvoted comments referencing Google's documentation. Option B involves periodic synchronization, which violates the 'without syncing' requirement. Option C (Google Cloud Identity Platform) is more suited for customer identity scenarios, not workforce access. Option D (IAP with SAML) is for application-level access control, not console access, and doesn't inherently provide attribute-based permissions mapping.
Author: LeetQuiz Editorial Team
Your organization is using a third-party identity provider to centrally manage users. You want to use this identity provider to grant access to the Google Cloud console without syncing identities to Google Cloud. Users should receive permissions based on their attributes. What should you do?
A. Configure the central identity provider as a workforce identity pool provider in Workforce Identity Federation. Create an attribute mapping by using the Common Expression Language (CEL).
B. Configure a periodic synchronization of relevant users and groups with attributes to Cloud Identity. Activate single sign-on by using the Security Assertion Markup Language (SAML).
C. Set up the Google Cloud Identity Platform. Configure an external authentication provider by using OpenID Connect and link user accounts based on attributes.
D. Activate external identities on the Identity-Aware Proxy. Use the Security Assertion Markup Language (SAML) to configure authentication based on attributes to the central authentication provider.