Your organization uses Microsoft Entra ID for identity management. You need to ensure that users can sign in using their Google Workspace credentials without creating external identities. What should you configure?
Microsoft Entra ID supports direct federation with Google Workspace as a SAML/WS-Fed identity provider.
Why this answer
Option D is correct because configuring SAML/WS-Fed identity provider federation with Google Workspace allows users to sign in using their Google Workspace credentials directly, without creating external identities. This federation establishes a trust relationship between Microsoft Entra ID and Google Workspace as an identity provider, enabling seamless authentication for users who already have Google accounts.
Exam trap
The trap here is that candidates often confuse social identity provider configuration (Option B) with enterprise federation, but social IdPs are designed for consumer scenarios and create external identities, whereas SAML/WS-Fed federation preserves the user's existing identity without creating new objects in the directory.
How to eliminate wrong answers
Option A is wrong because Microsoft Entra Verified ID is a decentralized identity solution using verifiable credentials, not designed for federating with Google Workspace for sign-in. Option B is wrong because configuring Google as a social identity provider in Microsoft Entra External ID is intended for consumer-facing applications and creates external identities, not for enterprise users with existing Google Workspace accounts. Option C is wrong because Microsoft Entra B2B collaboration creates external guest user objects in the directory, which contradicts the requirement to avoid creating external identities.