Extending On-Premises Active Directory to GCP
- Anand Nerurkar
- Sep 16, 2023
Normally, users and groups exist in Active Directory and reside on the AD domain controller.


Cloud Identity
===
1. Directory Sync lets you sync users and groups from on-premises AD to GCP Cloud Identity.
2. You can set up the Cloud Identity domain so that authentication of those users happens at the on-premises federation endpoint.


Google Cloud Directory Sync

Set up the user accounts with the PowerShell script below and execute it.

This will set up users and groups in on-premises AD as below.



Go to Google Cloud Directory Sync, click Sync and apply.

Go to Google Cloud Identity and refresh it.
You will see the users and groups in this identity domain.


Now that the users and groups are available in Google Cloud Identity, go to IAM.

Click Add, select the group, and add a role for accessing BigQuery on GCP.


We can set up an IAM policy that lets a user access resources only in a certain time window and from a particular IP, as below.
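
A time-window restriction like the one described above can be expressed as an IAM Condition on the group's role binding. The following is an added example, not the author's configuration: the project ID, group address, time zone and the `roles/bigquery.dataViewer` role are assumptions, and it covers only the time window, not the IP restriction.

```bash
#!/usr/bin/env bash
# Added example. Project, group and time zone values are constructed placeholders.

# Print a CEL expression that is true only Monday-Friday, from start hour
# (inclusive) to end hour (exclusive), evaluated in the given IANA time zone.
# getDayOfWeek() returns 0 for Sunday through 6 for Saturday.
business_hours_expr() {
  tz=$1; start=$2; end=$3
  # Reject non-numeric hours, then empty, inverted or out-of-range windows.
  case "$start$end" in ''|*[!0-9]*) return 1 ;; esac
  [ -n "$start" ] && [ -n "$end" ] || return 1
  [ "$start" -lt "$end" ] && [ "$end" -le 24 ] || return 1
  # Reject time zone strings that could break out of the quoted CEL literal.
  case "$tz" in ''|*[!A-Za-z0-9_/+-]*) return 1 ;; esac
  h="request.time.getHours(\"$tz\")"
  d="request.time.getDayOfWeek(\"$tz\")"
  printf '%s >= %s && %s < %s && %s >= 1 && %s <= 5\n' \
    "$h" "$start" "$h" "$end" "$d" "$d"
}

# Bind the synced group to a BigQuery role, valid only inside the window.
# Usage (assumed values):
#   grant_bigquery_in_hours example-project bq-analysts@example.com Asia/Kolkata 9 18
grant_bigquery_in_hours() {
  project=$1; group=$2
  cel=$(business_hours_expr "$3" "$4" "$5") || return 1
  cond_file=$(mktemp) || return 1
  cat > "$cond_file" <<EOF
title: business-hours-only
description: "Weekdays ${4}h-${5}h ${3}"
expression: |-
  ${cel}
EOF
  gcloud projects add-iam-policy-binding "$project" \
    --member="group:${group}" \
    --role="roles/bigquery.dataViewer" \
    --condition-from-file="$cond_file"
  rc=$?
  rm -f "$cond_file"
  return $rc
}

# Show the condition that would be attached for a 09:00-18:00 window.
business_hours_expr "Asia/Kolkata" 9 18
```

Binding the condition to the group rather than to individual users keeps the restriction in place for every account that Directory Sync adds to that group later.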


Below are the scenarios where we may set up AD or AD-related applications in GCP.

Architecture Choices are
1.

2.

3.
