GCP Professional Cloud Security Engineer Practice Question
Your organization plans to let employees access the Google Cloud Console with their existing on-premises Active Directory credentials that are authenticated by AD FS. A strict security policy forbids storing or synchronizing user passwords to any Google-managed system; all password verification must take place on-premises. How does adopting SAML 2.0 single sign-on (SSO) help meet these requirements?
A bidirectional SCIM synchronization replicates hashed passwords between Google and AD FS, eliminating the need for SAML assertions.
Google Cloud requires GCDS to synchronize user passwords, then sends a SAML assertion to AD FS to authorize console access.
Google Cloud redirects the user to AD FS; the IdP authenticates the user and returns a signed SAML assertion that Google trusts, so no passwords are stored in Google.
Google Cloud operates as the identity provider, generating SAML responses that AD FS validates before granting users access to corporate resources.
In a SAML-based SSO flow, Google Cloud functions as the service provider. When an employee initiates sign-in, Google redirects the browser to the external Identity Provider (AD FS). AD FS validates the username and password within the corporate environment and, upon successful authentication, issues a digitally signed SAML assertion. The browser forwards this assertion to Google Cloud, which verifies the signature and grants the user a session. Because the user's password never leaves the on-premises directory and no password data is stored or synced to Google, the organization's policy is fully respected. Alternatives that involve syncing passwords (via GCDS, SCIM, or Password Sync) or having Google act as the identity provider would not comply with the requirement to keep authentication and password storage on-premises.
GCP Professional Cloud Security Engineer
Configuring Access