
Answer-first summary for fast verification
Answer: Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
The question requires centrally managing GCP IAM permissions from on-premises Active Directory using AD group membership. Option A (Cloud Directory Sync) is the correct approach because it specifically synchronizes AD groups with Google Cloud, allowing IAM permissions to be assigned to these synced groups. This maintains centralized management in AD while enabling GCP authorization. Option B (SAML 2.0 SSO) only handles authentication, not group synchronization for authorization. Options C and D involve programmatic creation via APIs, which doesn't leverage existing AD groups for centralized management and requires custom development. The community discussion strongly supports A (87% consensus, highest upvotes), emphasizing that CDS is the dedicated tool for this purpose, while SSO alone is insufficient for group-based permission management.
Author: LeetQuiz Editorial Team
Your team needs to centrally manage GCP IAM permissions from an on-premises Active Directory, using AD group membership for authorization. What is the recommended approach to achieve this?
A. Set up Cloud Directory Sync to sync groups, and set IAM permissions on the groups.
B. Set up SAML 2.0 Single Sign-On (SSO), and assign IAM permissions to the groups.
C. Use the Cloud Identity and Access Management API to create groups and IAM permissions from Active Directory.
D. Use the Admin SDK to create groups and assign IAM permissions from Active Directory.