Your company uses on-premises Microsoft Active Directory for authentication. The IT team wants every new employee account and its group memberships to appear in Cloud Identity automatically, without administrators signing in to the Google Cloud console each day. Passwords must still be verified against Active Directory. Which approach best meets these requirements while minimizing manual effort?
Enable workforce identity federation so Google Cloud automatically reads user and group data directly from Active Directory at sign-in.
Deploy Google Cloud Directory Sync and schedule it to synchronize users and groups from Active Directory to Cloud Identity.
Create a Cloud Function triggered by Pub/Sub onboarding events that calls the Cloud Identity API to add users and groups.
Export Active Directory accounts to a CSV file each week and use the Admin console's bulk upload feature to import them into Cloud Identity.
Google Cloud Directory Sync (GCDS) is designed to automate provisioning for Cloud Identity or Google Workspace. It regularly reads user and group objects from an LDAP source such as Active Directory and creates, updates, or deletes the corresponding accounts in Cloud Identity. Because GCDS copies only metadata-not passwords-authentication continues to occur against Active Directory when SAML or Google Credential Provider for Windows is configured. Identity federation alone does not provision users, bulk CSV uploads require ongoing manual work, and a custom Cloud Functions solution would duplicate the fully-supported GCDS capabilities and still require maintenance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Google Cloud Directory Sync (GCDS) and how does it work?
Open an interactive chat with Bash
What is the difference between Cloud Identity and Active Directory?
Open an interactive chat with Bash
Why is workforce identity federation insufficient in this scenario?
Open an interactive chat with Bash
What is Google Cloud Directory Sync (GCDS)?
Open an interactive chat with Bash
Why does identity federation alone not meet provisioning requirements?
Open an interactive chat with Bash
What is the role of SAML in authentication when using Active Directory?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Setting up a cloud solution environment
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .