Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org. What should be done to enable the retrieval of the access token status for the OpenID Connect connection?
A. Query using OpenID Connect discovery endpoint.
B. Leverage OpenID Connect Token Introspection.
C. Create a custom OAuth scope.
D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third-party applications using SAML. What role does Salesforce Identity play in its relationship with the enterprise SSO system?
A. Identity Provider (IdP)
B. Resource Server
C. Service Provider (SP)
D. Client Application
A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities. Which Salesforce OAuth authorization flow should be used?
A. OAuth 2.0 JWT Bearer Flow
B. OAuth 2.0 Device Flow
C. OAuth 2.0 User-Agent Flow
D. OAuth 2.0 Asset Token Flow
An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:
1. Users should not have to login every time they use the app.
2. The app should be able to make calls to the Salesforce REST API.
3. End users should NOT see the OAuth approval page.
How should the identity architect configure the Salesforce connected app to meet the requirements?
A. Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to "Admin Pre-Approved".
B. Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app access settings to "Admin Pre-Approved".
C. Enable the Full Access Scope and then set the connected app access settings to "Admin Pre-Approved".
D. Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to "User may self authorize".
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 answers
A. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
B. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
C. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or LinkedIn credentials for ease of use.
Which three steps should an identity architect take to implement social sign-on?
Choose 3 answers
A. Register both Facebook and LinkedIn as connected apps.
B. Create authentication providers for both Facebook and LinkedIn.
C. Check "Facebook" and "LinkedIn" under Login Page Setup.
D. Enable "Federated Single Sign-On Using SAML".
E. Update the default registration handlers to create and update users.
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials. What should an identity architect recommend to meet these requirements?
A. Configure a predefined authentication provider for Amazon.
B. Create a custom external authentication provider for Amazon.
C. Configure an OpenID Connect Authentication Provider for Amazon.
D. Configure Amazon as a connected app.
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.
What role combination is represented by the systems in this scenario?
A. Financial System and CPQ System are the only Service Providers.
B. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
D. Salesforce Org1 and PingFederate are acting as Identity Providers.
Universal Containers (UC) has a mobile application that it wants to deploy to all of its Salesforce users, including customer Community users. UC would like to minimize the administration overhead. Which two items should an architect recommend? Choose 2 answers
A. Enable the "Refresh token is valid until revoked" setting in the Connected App.
B. Enable the "Enforce IP restrictions" setting in the Connected App.
C. Enable the "All users may self-authorize" setting in the Connected App.
D. Enable the "High Assurance session required" setting in the Connected App.
Universal Containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot Password and Change Password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers
A. Build a community builder page for the Change Password experience and a custom Visualforce page for the Forgot Password experience.
B. Build a custom Visualforce page for both the Change Password and Forgot Password experiences.
C. Build a custom Visualforce page for the Change Password experience and a community builder page for the Forgot Password experience.
D. Build a community builder page for both the Change Password and Forgot Password experiences.