Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name: Salesforce Certified Identity and Access Management Architect
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 247 Q&As
  • Last Updated: Mar 27, 2025

Salesforce Salesforce Certifications IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Questions & Answers

  • Question 81:

    Refer to the exhibit.

    Northern Trail Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

    A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.

    NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.

    What should an identity architect do to fulfill the above requirements?

    A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.

    B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.

    C. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.

    D. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/expid_value.

  • Question 82:

    Which three are features of federated Single sign-on solutions? Choose 3 Answers

    A. It establishes trust between Identity Store and Service Provider.

    B. It federates credentials control to authorized applications.

    C. It solves all identity and access management problems.

    D. It improves affiliated applications adoption rates.

    E. It enables quick and easy provisioning and deactivating of users.

  • Question 83:

    In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, what HTTP param should be used when submitting a SAML Request to the IdP to ensure the user is returned to the intended resource after authentication?

    A. RedirectURL

    B. RelayState

    C. DisplayState

    D. StartURL

  • Question 84:

    Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers

    A. Federation ID

    B. Salesforce User ID

    C. User Full Name

    D. User Email Address

    E. Salesforce Username

  • Question 85:

    Universal Containers (UC) has implemented an SP-Initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page.

    What is the likely cause of the issue?

    A. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.

    B. The user has not configured the Salesforce1 mobile app to use My Domain for login.

    C. The "Redirect to Identity Provider" option has not been selected in the SAML configuration.

    D. The user has not been granted the "Enable Single Sign-On" permission.

  • Question 86:

    A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:

    1) Customer purchases the device.

    2) Customer registers the device using their mobile app.

    3) A case should automatically be created in Salesforce and associated with the customer's account in cases where the device registers issues with tracking.

    Which OAuth flow should be used to meet these requirements?

    A. OAuth 2.0 Asset Token Flow

    B. OAuth 2.0 Username-Password Flow

    C. OAuth 2.0 User-Agent Flow

    D. OAuth 2.0 SAML Bearer Assertion Flow

  • Question 87:

    Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

    Which three OAuth concepts apply to this flow?

    Choose 3 answers

    A. Client ID

    B. Refresh Token

    C. Authorization Code

    D. Verification Code

    E. Scopes

  • Question 88:

    An architect is troubleshooting some SAML-based SSO errors during testing. The architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the architect is encountering? Choose 2 answers

    A. The Identity Provider is also used to SSO into five other applications.

    B. The clock on the Identity Provider server is twenty minutes behind Salesforce.

    C. The Issuer Certificate from the Identity Provider expired two weeks ago.

    D. The default language for the Identity Provider and Salesforce are Different.

  • Question 89:

    Universal Containers' (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC, and obtaining scheduled pickup dates from their calendar.

    UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month.

    Which of the following license types should be used to meet the requirement?

    A. External Apps License

    B. Partner Community License

    C. Partner Community Login License

    D. Customer Community Plus Login License

  • Question 90:

    Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.

    What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

    A. Require the use of Salesforce security tokens on passwords.

    B. Enforce mutual authentication between systems using SSL.

    C. Include Client Id and Client Secret in the login header callout.

    D. Set up a proxy service for the login service in the DMZ.
