Google Cloud Professional Cloud Security Engineer — Question 115

Your organization is using Active Directory and wants to configure Security Assertion Markup Language (SAML). You must set up and enforce single sign-on (SSO) for all users.

What should you do?

Answer options

• A. 1. Create a new SAML profile. 2. Populate the sign-in and sign-out page URLs. 3. Upload the X.509 certificate. 4. Configure Entity ID and ACS URL in your IdP.
• B. 1. Configure prerequisites for OpenID Connect (OIDC) in your Active Directory (AD) tenant. 2. Verify the AD domain. 3. Decide which users should use SAML. 4. Assign the pre-configured profile to the select organizational units (OUs) and groups.
• C. 1. Create a new SAML profile. 2. Upload the X.509 certificate. 3. Enable the change password URL. 4. Configure Entity ID and ACS URL in your IdP.
• D. 1. Manage SAML profile assignments. 2. Enable OpenID Connect (OIDC) in your Active Directory (AD) tenant. 3. Verify the domain.

Correct answer: A

Explanation

The correct answer is A because it includes all necessary steps to create a SAML profile and configure the required URLs and certificate for SSO. Options B and D focus on OpenID Connect or managing profiles, which are not directly applicable for setting up SAML. Option C is missing the sign-in and sign-out page URL configuration, which is essential for a complete SSO setup.