Google Workspace Professional Administrator — Question 119

Your organization is moving from a legacy mail system to Google Workspace. This move will happen in phases. During the first phase, some of the users in the domain are set up to use a different identity provider (IdP) for logging in. You need to set up multiple IdPs for various users. What should you do?

Answer options

• A. Enable single sign-on (SSO) with third-party identity providers and exclude the users who are using a different provider.
• B. Enable single sign-on (SSO) with Cloud Identity, and use Cloud Directory Sync to manage multiple identity providers.
• C. Create Security Assertion Markup Language (SAML) based single sign-on (SSO) profiles and assign them to specific organizational units or groups of users.
• D. Nothing. Google uses cookies to establish a user's relationship to a device. This will cover multiple identity providers.

Correct answer: C

Explanation

The correct answer is C because creating SAML-based SSO profiles allows you to assign specific configurations to different organizational units or user groups, enabling the use of multiple IdPs. Option A is incorrect as it does not allow for multiple IdPs, only excluding certain users. Option B, while it mentions Cloud Identity, does not specifically address the need for multiple IdPs in user assignments. Option D is incorrect because relying solely on cookies does not provide the necessary control or configuration for using multiple identity providers.