Google Cloud Professional Cloud Developer — Question 302
Your organization has users and groups configured in an external identity provider (IdP). You want to leverage the same external IdP to allow Google Cloud console access to all employees. You also want to personalize the sign-in experience by displaying the user's name and photo when users access the Google Cloud console. What should you do?
Answer options
- A. Configure workforce identity federation with the external IdP, and set up attribute mapping.
- B. Configure a service account for each individual by using the user name and photo, and grant permissions for each user to impersonate their respective service accounts.
- C. Configure workload identity federation to get the external IdP tokens, and use these tokens to sign in to the Google Cloud console.
- D. Create a Google group that includes organization email IDs for all users. Ask users to use the same name, work email ID, and password to register and sign in.
Correct answer: A
Explanation
The correct answer is A because workforce identity federation integrates Google Cloud with the external IdP, and attribute mapping enables the personalized sign-in experience. Option B is incorrect because creating individual service accounts does not provide a streamlined sign-in process and adds unnecessary complexity. Option C refers to workload identity federation, which is not the best fit for this scenario. Option D requires users to manage separate credentials, which is contrary to the goal of leveraging the existing IdP.