Your customer is moving an existing corporate application to Google Cloud Platform from an on-premises data center. The business owners require minimal user disruption. There are strict security team requirements for storing passwords. What authentication strategy should they use?
Choose an answer
Tap an option to check your answer.
Correct answer: Federate authentication via SAML 2.0 to the existing Identity Provider.
Why this is the answer
Federating authentication via SAML 2.0 to the existing Identity Provider (IdP) is the best strategy because it allows users to continue using their existing corporate credentials without disruption. This approach also satisfies strict security requirements by not replicating or storing passwords in Google Cloud, as authentication requests are redirected to the on-premises IdP. Using G Suite Password Sync replicates passwords, which violates security requirements. Provisioning users with Google Cloud Directory Sync creates user accounts but doesn't handle authentication in a federated manner, potentially requiring new passwords or separate authentication flows. Asking users to set matching passwords is a security risk (password reuse) and introduces manual effort, leading to user disruption.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed