Identity and Access Management Designer Study Guide
Chris Gardner, November 28, 2018
The Salesforce architect exams are some of the most rewarding and interesting 
exams to get. I really enjoy them because they offer a rare chance to dive very 
deep into a specific area of the platform. These can expand your capabilities 
within Salesforce, and provide you with valuable understanding as you progress your 
career towards Technical Architect. This is the study guide for the Identity and 
Access Management Designer certification exam.
Each of these exams has a study guide (like all other certifications), as well 
as a resource guide which has linked articles, Trailhead modules, documentation 
and more. To get the most out of those guides, I have written down some 
important areas to study and understand. If you understand the concepts below, 
you’ll do well on your exam.
Identity and Access Management Designer
The Salesforce Identity and Access Management Designer exam focuses on your 
understanding of how access is controlled using external authentication 
providers, as well as using Salesforce as the authentication provider. You need 
to know how the systems talk to each other, the different ways authentication 
can be passed, and how to manage the security of your org(s).
For me, this was the hardest of all of the architect exams. This test deals with 
a lot of non-Salesforce principles and practices. If you have spent time working 
with authentication and security in your current or previous roles, it may not 
be as difficult. I had to take this test a few times, as well as spend a good 
amount of time learning about concepts outside of my normal job 
responsibilities.
Single Sign-On
Salesforce uses the OAuth protocol to safely access information without 
passing login credentials. This article speaks about configuring SSO, and this 
one speaks about best practices. It is important to review those best practice 
considerations.
Active Directory – Salesforce Identity Connect
It is important to understand Identity Connect and the relationship Active 
Directory has in the modern enterprise landscape. Mapping requirements is a key 
part of this process.
Identity Provider vs. Service Provider
Given an authentication scenario, you will be asked to determine which 
system is the identity provider, and which system is the service provider. The 
key to these questions is determining the platform that ultimately authenticates 
the user's credentials.
Two Factor Authentication
Know what options are available for 2FA natively from Salesforce, as well as 
the AppExchange. Also understand when you would recommend a 2FA step to an 
organization.
JIT Provisioning
Know what just-in-time (JIT) provisioning is, and for what use case(s) it may be 
appropriate.
Canvas Apps and SAML SSO
Understand how SAML SSO can authenticate into your canvas apps.
Multi-Org Solutions
When working with multiple orgs, understand the SSO capabilities and 
limitations.
Session Security
What tokens exist within different authentication scenarios? How is 
security handled in these scenarios?
Question: 1
Universal Containers (UC) wants to build a few applications that leverage the
Salesforce REST API. UC has asked its Architect to describe how the API calls
will be authenticated to a specific user. Which two mechanisms can the
Architect provide? Choose 2 Answers
A. Authentication Token
B. Session ID
C. Refresh Token
D. Access Token
Answer: AD
Question: 2
Universal Containers (UC) has implemented SSO according to the diagram below.
uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day
by first attempting to log into Salesforce Org 2 and then later in the day,
they will log into either the Financial System or CPQ system depending upon
their job position. Which two systems are acting as Identity Providers?
A. Financial System
B. PingFederate
C. Salesforce Org 2
D. Salesforce Org 1
Answer: BD
Question: 3
Universal Containers (UC) built an integration for their employees to post,
view, and vote for ideas in Salesforce from an internal Company portal. When
ideas are posted in Salesforce, links to the ideas are created in the company
portal pages as part of the integration process. The Company portal connects
to Salesforce using OAuth. Everything is working fine, except when users click
on links to existing ideas, they are always taken to the Ideas home page
rather than the specific idea, after authorization. Which OAuth URL parameter
can be used to retain the original requested page so that a user can be
redirected correctly after OAuth authorization?
A. Redirect_uri
B. State
C. Scope
D. Callback_uri
Answer: A
Question: 4
Universal Containers (UC) is building an integration between Salesforce and a
legacy web application using the canvas framework. The security for UC has
determined that a signed request from Salesforce is not an adequate
authentication solution for the Third-Party app. Which two options should the
Architect consider for authenticating the third-party app using the canvas
framework? Choose 2 Answers
A. Utilize the SAML Single Sign-on flow to allow the third-party to
authenticate itself against UC’s IdP.
B. Utilize Authorization Providers to allow the third-party application to
authenticate itself against Salesforce as the IdP.
C. Utilize Canvas OAuth flow to allow the third-party application to
authenticate itself against Salesforce as the IdP.
D. Create a registration handler Apex class to allow the third-party
application to authenticate itself against Salesforce as the IdP.
Answer: AC