Google Cloud Professional Collaboration Engineer — Question 12

Your organization has implemented Single Sign-On (SSO) for the multiple cloud-based services it utilizes. During authentication, one service indicates that access to the SSO provider cannot be accessed due to invalid information.
What should you do?

Answer options

• A. Verify the NameID Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.
• B. Verify the Audience Element in the SAML Response matches the Assertion Consumer Service (ACS) URL.
• C. Verify the Subject attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.
• D. Verify the Recipient attribute in the SAML Response matches the Assertion Consumer Service (ACS) URL.

Correct answer: B

Explanation

The correct answer is B because the Audience Element must match the ACS URL to ensure that the SAML assertion is intended for that specific service. The other options, while related to the SAML Response, do not directly address the requirement for the Audience Element to validate the service's access to the SSO provider.