CompTIA Online Training

Salesforce Certified Identity and Access Management Designer (SP19) Exam

September 12, 2019 by admin

Identity and Access Management Designer Study Guide

Chris GardnerNovember 28, 2018
The Salesforce architect exams are some of the most rewarding and interesting exams to get. I really enjoy them because they offer a rare chance to dive very deep into a specific area of the platform. These can expand your capabilities within Salesforce, and provide you valuable understanding as you progress your career towards Technical Architect. This is the study guide for the Identity and Access Management Designer certification exam.

Each of these exams has a study guide (like all other certifications), as well as a resource guide which has linked articles, Trailhead modules, documentation and more. To get the most out of those guides, I have written down some important areas to study and understand. If you understand the concepts below, you’ll do well on your exam.
Identity and Access Management Designer

The Salesforce Identity and Access Management Designer exam focuses on your understanding of how access is controlled using external authentication providers, as well as using Salesforce as the authentication provider. You need to know how the systems talk to each other, the different ways authentication can be passed, and how to manage the security of your org(s).

For me, this was the hardest of all of the architect exams. This test deals with a lot of non-Salesforce principles and practices. If you have spent time working with authentication and security in your current or previous roles, it may not be as difficult. I had to take this test a few times, as well as spend a good amount of time learning about concepts outside of my normal job responsibilities.

Single Sign-On
Salesforce uses the OAuth protocol to safely access information without passing login credentials. This article speaks about configuring SSO, and this one speaks about best practices. It is important to review those best practice considerations.

Active Directory – Salesforce Identity Connect
It is important to understand Identity Connect and the relationship Active Directory has in the modern enterprise landscape. Mapping requirements is a key part of this process.

Identity Provider vs. Service Provider
Given an authentication scenario, you will be asked to determine which system is the identity provider, and which system is the service provider. The key to these questions is determining the platform that ultimately authenticates the users credentials.

Two Factor Authentication
Know what options are available for 2FA natively from Salesforce, as well as the AppExchange. Also understand when you would recommend a 2FA step to an organization.

JIT Provisioning
Know what just in time provisioning is, and for what use case(s) it may be appropriate.

Canvas Apps and SAML SSO
Understanding how SAML SSO can authenticate into your canvas apps.

Multi-Org Solutions
When working with multiple orgs, understand the SSO capabilities and limitations.

Session Security
What tokens exist within different authentications scenarios? How is security handled in these scenarios?

Question: 1
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC
has asked its Architect to describe how the API calls will be authenticated to a specific user. Which
two mechanisms can the Architect provide? Choose 2 Answers

A. Authentication Token
B. Session ID
C. Refresh Token
D. Access Token

Answer: AD

Question: 2
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while
Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce
Org 2 and then later in the day, they will log into either the Financial System or CPQ system
depending upon their job position. Which two systems are acting as Identity Providers?

A. Financial System
B. Pingfederate
C. Salesforce Org 2
D. Salesforce Org 1

Answer: BD

Question: 3
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in
Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas
are created in the company portal pages as part of the integration process. The Company portal
connects to Salesforce using OAuth. Everything is working fine, except when users click on links to
existing ideas, they are always taken to the Ideas home page rather than the specific idea, after
authorization. Which OAuth URL parameter can be used to retain the original requested page so that
a user can be redirected correctly after OAuth authorization?

A. Redirect_uri
B. State
C. Scope
D. Callback_uri

Answer: A

Question: 4
Universal Containers (UC) is building an integration between Salesforce and a legacy web
applications using the canvas framework. The security for UC has determined that a signed request
from Salesforce is not an adequate authentication solution for the Third-Party app. Which two
options should the Architect consider for authenticating the third-party app using the canvas
framework? Choose 2 Answers

A. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC’s IdP.
B. Utilize Authorization Providers to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
C. Utilize Canvas OAuth flow to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
D. Create a registration handler Apex class to allow the third-party appliction to authenticate itself against Salesforce as the Idp.

Answer: AC

Click here to view complete Q&A of Salesforce Certified Identity and Access Management exam
Certkingdom Review, Certkingdom PDF Torrents

Best Salesforce Certified Identity and Access Management Certification, Certified Identity and Access Management Training at certkingdom.com