GCP Professional Cloud Security Engineer Practice Question
Your enterprise uses two external identity systems. Azure AD issues SAML 2.0 assertions, while an internal identity provider releases only OpenID Connect (OIDC) ID tokens. Company policy forbids copying user accounts into Cloud Identity; instead, you must rely on Workforce Identity Federation so both groups can obtain short-lived Google Cloud access tokens. Which configuration will meet the requirements with the least operational overhead?
Create a single workforce identity pool, add a SAML provider for Azure AD and an OIDC provider for the custom IdP, then grant IAM roles to identities in the pool.
Establish LDAP over Cloud VPN for each identity system and allow access through service account impersonation.
Create one workload identity pool and configure two OIDC providers, directing Azure AD users to authenticate through OIDC instead of SAML.
Deploy Google Cloud Directory Sync to import all users, then configure SAML single sign-on for both identity systems.
Workforce Identity Federation supports both SAML 2.0 and OpenID Connect. You create a workforce identity pool that can contain multiple providers, each representing one external IdP. By adding a SAML provider for Azure AD and an OIDC provider for the in-house IdP, you accept each system's native tokens and map asserted attributes to Google Cloud principals, allowing users to exchange their SAML or OIDC assertions for Google-issued short-lived credentials without synchronizing accounts. Using Google Cloud Directory Sync would violate the no-sync requirement, workload identity pools are intended for non-human workloads, and LDAP integration is not a supported federation protocol for workforce pools, so those alternatives do not satisfy the constraints.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Workforce Identity Federation in Google Cloud?
Open an interactive chat with Bash
How does Workforce Identity Pools support multiple identity providers?
Open an interactive chat with Bash
Why is Cloud Identity synchronization not suitable in this scenario?
Open an interactive chat with Bash
What is Workforce Identity Federation in Google Cloud?
Open an interactive chat with Bash
What is the difference between SAML 2.0 and OpenID Connect (OIDC)?
Open an interactive chat with Bash
What role does an identity pool play in managing external IdPs?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Configuring Access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .