Google Cloud Professional Cloud Architect — Question 12
Your company wants to start using Google Cloud resources but wants to retain its on-premises Active Directory domain controller for identity management.
What should you do?
Answer options
- A. Use the Admin Directory API to authenticate against the Active Directory domain controller.
- B. Use Google Cloud Directory Sync to synchronize Active Directory usernames with cloud identities and configure SAML SSO.
- C. Use Cloud Identity-Aware Proxy configured to use the on-premises Active Directory domain controller as an identity provider.
- D. Use Compute Engine to create an Active Directory (AD) domain controller that is a replica of the on-premises AD domain controller using Google Cloud Directory Sync.
Correct answer: B
Explanation
The correct answer is B because Google Cloud Directory Sync synchronizes Active Directory accounts with Google Cloud identities, which enables identity management from the existing directory and SAML SSO configuration. Option A is incorrect because it does not facilitate synchronization or SSO. Option C is wrong because Cloud Identity-Aware Proxy is not primarily designed for this purpose. Option D is not optimal because creating a replica AD domain controller would not leverage the existing on-premises identity management effectively.