Your organization has implemented synchronization and SAML federation between Cloud Identity and Microsoft Active Directory. You want to reduce the risk of Google Cloud user accounts being compromised. What should you do?
A.
Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with security keys in the Google Admin console.
B.
Create a Cloud Identity password policy with strong password settings, and configure 2-Step Verification with verification codes via text or phone call in the Google Admin console.
C.
Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with security keys in the Google Admin console.
D.
Create an Active Directory domain password policy with strong password settings, and configure post-SSO (single sign-on) 2-Step Verification with verification codes via text or phone call in the Google Admin console.
Objective: Reduce the risk of Google Cloud user accounts being compromised.
Solution: Implement strong password policies and post-SSO 2-Step Verification using security keys.
Steps:
Step 1: In Active Directory, configure a domain password policy with strong settings (e.g., complexity, length, expiration).
Step 2: In the Google Admin console, navigate to the Security settings.
Step 3: Enable 2-Step Verification and configure it to use security keys for post-SSO verification.
Step 4: Ensure all users enroll in the 2-Step Verification with security keys.
Using strong password policies in Active Directory along with security keys for 2-Step Verification post-SSO provides enhanced security against account compromises.
[References:, Active Directory Password Policies, Google Admin Console 2-Step Verification, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit