Google Professional-Cloud-Security-Engineer Online Access

To provide users with SSO-based access to selected cloud apps, Cloud Identity as your IdP supports the OpenID Connect (OIDC) and Security Assertion Markup Language 2.0 (SAML) protocols.

Define Trusted Image Projects:

Identify the project or projects where your trusted operating system images are stored.

Ensure these images meet your organization’s security requirements and are regularly updated to mitigate vulnerabilities.

Create an Organization Policy:

Navigate to the Organization Policies page in the Google Cloud Console.

Create a policy constraint that restricts the creation of boot disks to only those images stored in your trusted image project(s).

The policy constraint to use is constraints/compute.trustedImageProjects.

Apply the Policy:

Apply this organization policy at the appropriate level (organization, folder, or project) to enforce that all new VM instances use images from the trusted repository.

This ensures consistency in the security posture across all projects within the organization.

Monitor Compliance:

Regularly monitor the compliance with this policy using audit logs and other monitoring tools.

Update the trusted images as necessary to ensure they remain secure and compliant with your security standards.

When configuring SAML-based Single Sign-On (SSO) in an organization that's using Active Directory, the general steps would involve setting up a SAML profile, specifying the necessary URLs for sign-in and sign-out processes, uploading an X.509 certificate for secure communication, and setting up the Entity ID and Assertion Consumer Service (ACS) URL in the Identity Provider (which in this case would be Active Directory).