
Explanation:
The question requires integrating Google Cloud resources with an on-premises Active Directory domain controller while retaining it as the primary identity management source.

Option B is the correct answer because Google Cloud Directory Sync (GCDS) synchronizes user accounts and groups from on-premises AD to Cloud Identity, enabling users to access GCP resources with their existing identities. Configuring SAML SSO allows authentication to be delegated to the on-premises AD, ensuring passwords remain on-premises. This approach aligns with Google's recommended practice for federating GCP with Active Directory.

Option A is incorrect as the Admin Directory API is not designed for AD authentication. Option C is suboptimal because Cloud IAP alone does not synchronize identities and may not support direct AD integration without additional components like ADFS. Option D is incorrect as it involves creating a replica AD domain controller in GCP, which contradicts the requirement to retain the on-premises AD as the primary source.

The community discussion strongly supports B, with 89% consensus, citing official documentation and reasoning that GCDS with SAML SSO meets the requirement effectively.
Your company wants to begin using Google Cloud resources while continuing to use their on-premises Active Directory domain controller for identity management. What should you do?
A. Use the Admin Directory API to authenticate against the Active Directory domain controller.
B. Use Google Cloud Directory Sync to synchronize Active Directory usernames with cloud identities and configure SAML SSO.
C. Use Cloud Identity-Aware Proxy configured to use the on-premises Active Directory domain controller as an identity provider.
D. Use Compute Engine to create an Active Directory (AD) domain controller that is a replica of the on-premises AD domain controller using Google Cloud Directory Sync.