CDL - Identity Flashcards
What is a directory service?
A DS maps the names of network resources to their network addresses
What is Cloud Identity?
An Identity as a Service (IDaaS) offering that centrally manages users and groups within a SINGLE PANE OF GLASS
What features constitute Cloud Identity?
- User lifecycle management
- SSO
- Device management
- Cloud Directory
- Account security
Is Google Cloud Directory Sync a sub-service of Cloud Identity?
Yes
What is Active Directory?
A service that allows orgs to manage multiple on-prem infra components and systems using a SINGLE identity per user.
What is AD Domain Services (ADDS)?
A Microsoft server-based directory service that stores and manages information about network resources. Facilitates resource access and management.
Note: AD services consist of multiple directory services.
What is Managed Service for Microsoft AD?
It is an AD hosted on the GCP platform.
If you have Managed Service for Micro Active Directory why and how would you use Cloud Identity?
1) MicroAD may have features that Cloud Identity does not
2) Via federation
What are key benefits of Managed Service for Micro AD?
1) Maintenance free
2) Seamless multi-region deployment
3) Hybrid identity support
4) Compatibility with AD-dependent apps
How does a Directory Service work?
It works as a shared information infrastructure for locating, managing, administering, and organizing resources.
Analogy - A magical map that locates all your toys and friends (resources & users)
What is an Identity Provider (IdP)?
A service that creates, maintains, and manages identity information to provide authentication to services/applications within a federation or distributed network.
E.g.: FB, Amzn, Google, Twitter.
What are objects in a Directory Service?
Objects are resources.
What are examples of resources on a directory service?
Users
Groups
Devices
Folders / files
Printers
Is a directory service a critical component of a network operating system?
Yes
What is single sign-on (SSO)? What is a key benefit?
Seamless
What is Lightweight Directory Access Protocol?
A protocol for accessing and managing directory information resources
Why use LDAP when SSO is more convenient?
What is Google Cloud Directory Sync (Exam)?
What is a Directory Server?
It is a server which provides a directory service
What are well-known Directory Services?
DNS - for the internet
MicroAD
OpenLDAP
Cloud Identity
Can Cloud Identity federate identities between different ADs?
Yes
Between GCP, AD, Azure AD, etc.
How does Cloud Identity work?
A zero trust service that allows you to manage access and compliance across all users within your domain
AND
allows you to create a CI account for each of your users/groups.
IAM is used to manage access between GCP resources and Cloud Identity accounts.
What deployment principles are characteristic of ADs?
They are redundant and placed as close as possible to end users to reduce latency
What are the various DS that comprise Active Directory?
AD Lightweight Directory Services (ADLDS)
AD Federation Services (ADFS)
What is a federated service?
An SSO service that allows users to use several web-based services with only ONE set of credentials stored at a central location.
What is AD Lightweight Directory Services (ADLDS)?
An implementation of the LDAP protocol
What elements comprise an Active Directory?
Org units
Domains – a network area organized by a single authentication DB
Domain Controller
Domain Computer
Objects
What are objects ?
The basic element in an AD – users, groups, printers, devices, folders, etc.
What is a Domain Computer?
A computer registered with a CENTRAL authentication DB
It is also an object
What is an AD domain?
A logical grouping of AD objects on a network
What is a Directory Service?
An example is ADDS – it provides methods for data storage and for making the data available to network users and admins
Runs on a Domain Controller
What is a federated identity?
A method of linking a user’s identity across multiple identity management systems
What is OpenID?
OpenID is about proving who you are; it is an open and decentralized authentication protocol.
Use case: Logging into diff social media accounts via Google or FB
What is OAuth 2.0?
OAuth is about granting access to functionality.
It's a protocol that uses authorization tokens to prove identity between users and service providers.
Does not use PW data
What is SAML? Use case?
Security Assertion Markup Language
An open standard for exchanging authentication & authorization between IdP and service providers.
Use case: SSO via web browser
What is SSO?
Single sign on.
An authentication scheme that allows users to log in with a SINGLE ID & password to different systems and software.
Key benefit of SSO?
seamless
What does a typical SSO diagram look like?
Azure AD –> SAML –> SSO –> Services (Slack, GWS, etc.)
What is Lightweight Directory Access Protocol (LDAP)?
A protocol for accessing and maintaining distributed directory information services
On-prem AD –> LDAP Directory –> Services (GCP, GKE)
How do LDAPs work?
Via same sign-on - the use of a single ID + PW, but unlike SSO, you have to re-enter them every time a user logs on.
Common LDAP use case?
To provide a central place to store usernames and PWs
What is Google Cloud Directory Sync (exam)?
A synchronization service that allows admins to sync users, groups, and other data between AD/LDAP and their Managed Service for MicroAD within Google.