Google Cloud Platform for IT Workloads: Identity Management Solution

Identity Management Solution for Google Cloud Platform

Question

An organization is evaluating the use of Google Cloud Platform (GCP) for certain IT workloads.

A well-established directory service is used to manage user identities and lifecycle management.

The organization must continue to use this directory service as the "source of truth" directory for identities.

Which solution meets the organization's requirements?

Answers

Explanations

A. B. C. D.

B.

https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction

The organization needs a solution that can integrate with their existing directory service to manage user identities and lifecycle management.

Option A: Google Cloud Directory Sync (GCDS). GCDS is a tool that allows organizations to synchronize user accounts between an existing directory service and Google Cloud Identity or G Suite. This tool can be used to sync user accounts, groups, and contact information from an on-premises directory to GCP. However, this solution requires Google Cloud Identity or G Suite, which may not be the organization's preferred solution.

Option B: Cloud Identity. Cloud Identity is Google's identity and access management (IAM) service. It allows organizations to manage users and access to resources across GCP and other applications. This solution supports multiple authentication protocols, including SAML and OpenID Connect. However, this solution may not meet the organization's requirement to use their existing directory service as the "source of truth" for identities.

Option C: Security Assertion Markup Language (SAML). SAML is an open standard for exchanging authentication and authorization data between parties. It allows for single sign-on (SSO) between different systems and applications. SAML can be used to integrate an organization's existing directory service with GCP to manage user identities and access to resources. This solution would allow the organization to maintain their existing directory service as the "source of truth" for identities while enabling SSO to GCP.

Option D: Pub/Sub. Pub/Sub is a messaging service that enables real-time messaging between different applications and services. It is not relevant to the organization's requirement for managing user identities and lifecycle management.

Therefore, the solution that meets the organization's requirements is Option C: Security Assertion Markup Language (SAML).