Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name: Salesforce Certified Identity and Access Management Architect
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 247 Q&As
  • Last Updated: Mar 27, 2025

Salesforce Salesforce Certifications IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Questions & Answers

  • Question 181:

    Universal Containers (UC) wants users to authenticate into their Salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trustworthy. Which two options should an architect recommend to UC? Choose 2 answers.

    A. Use a professional social media such as LinkedIn as an Authentication provider

    B. Build a custom web page that uses the identity store and calls frontdoor.jsp

    C. Build a custom Web service that is supported by Delegated Authentication.

    D. Implement the OpenID protocol and configure an Authentication provider

  • Question 182:

    Universal Containers (UC) would like to enable SAML-based SSO for a Salesforce partner community. UC has an existing LDAP identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

    A. User-Agent

    B. IdP-initiated

    C. SP-initiated

    D. Web server

  • Question 183:

    Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). Every user that is in UC2, UC3, UC4, and UC5 is also in UC1; however, not all users have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

    A. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.

    B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.

    C. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.

    D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

  • Question 184:

    A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce. What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

    A. Use a connected app with user provisioning flow.

    B. Create Canvas app in Salesforce for third-party app to provision users.

    C. Redirect users to the third-party app for registration.

    D. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

  • Question 185:

    A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:

    1. They plan to implement Partner communities to provide access to their partner network.

    2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.

    3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.

    4. They would like to provide a single login for their partners.

    How should an Identity Architect solution this requirement with limited custom development?

    A. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.

    B. Consolidate Partner related information in a single org and provide access through Salesforce community.

    C. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.

    D. Register partners in one org and access information from other orgs using APIs.

  • Question 186:

    An administrator created a connected app for a custom web application in Salesforce which needs to be visible as a tile in App Launcher. The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue.

    Which two reasons are the source of the issue?

    Choose 2 answers

    A. StartURL for the connected app is not set in Connected App settings.

    B. OAuth scope does not include "openid".

    C. Session Policy is set as 'High Assurance Session required' for this connected app.

    D. The connected app is not set in the App menu as 'Visible in App Launcher'.

  • Question 187:

    A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:

    1. User Authenticates and Authorizes Access

    2. Request an Access Token

    3. Salesforce Grants an Access Token

    4. Request an Authorization Code

    5. Salesforce Grants Authorization Code

    What is the correct sequence for the authorization flow?

    A. 1, 4, 5, 2, 3

    B. 4, 1, 5, 2, 3

    C. 2, 1, 3, 4, 5

    D. 4, 5, 2, 3, 1

  • Question 188:

    Northern Trail Outfitters (NTO) employees use a custom on-premise helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users. How should NTO provision Salesforce users as soon as they are approved in the helpdesk application with the approved profiles and permission sets?

    A. Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.

    B. Use a login flow to query the helpdesk to validate user status.

    C. Have the helpdesk initiate an IdP-initiated Just-in-Time provisioning Security Assertion Markup Language flow.

    D. Use Salesforce Connect to integrate with the helpdesk application.

  • Question 189:

    Universal Containers (UC) wants to build a mobile application that will be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

    A. Custom_permissions

    B. Api

    C. Refresh_token

    D. Full

  • Question 190:

    Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly log in to internal portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.

    Which Salesforce license is required to fulfill this requirement?

    A. External Identity

    B. Identity Verification

    C. Identity Connect

    D. Identity Only
