The Secret Of Salesforce Identity-and-Access-Management-Designer Study Guides

NEW QUESTION 1
A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue?

• A. The use of high assurance sections are required for the connected App.
• B. The users do not have the correct permission set assigned to them.
• C. The connected App setting "All users may self-authorize" is enabled.
• D. The salesforce administrators gave revoked the Oauth authorization.

Answer: B

NEW QUESTION 2
A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.
Which three functions meet the Salesforce criteria for secure mfa? Choose 3 answers

• A. username and password + SMS passcode
• B. Username and password + secunty key
• C. Third-party single sign-on with Mobile Authenticator app
• D. Certificate-based Authentication
• E. Lightning Login

Answer: BCE

NEW QUESTION 3
Refer to the exhibit.

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?

• A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
• B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
• C. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
• D. Authorize third-party service by sending authorization requests to thecommunity-url/services/oauth2/authonze/expid_value.

Answer: D

NEW QUESTION 4
Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.
Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?
Choose 2 answers

• A. Identity Connect
• B. Delegated Authentication
• C. Connected Apps
• D. Embedded Login

Answer: BD

NEW QUESTION 5
Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

• A. Google is the identity provider
• B. Salesforce is the identity provider
• C. Google is the service provider
• D. Salesforce is the service provider

Answer: D

NEW QUESTION 6
Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers

• A. The Federation ID must be a valid Salesforce Username
• B. The Federation ID must is case sensitive
• C. The Federation ID must be in the form of an email address.
• D. The Federation ID must be populated on the user record.

Answer: BD

NEW QUESTION 7
Which two statements are capable of Identity Connect? Choose 2 answers

• A. Synchronization of Salesforce Permission Set Licence Assignments.
• B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
• C. Support multiple orgs connecting to multiple Active Directory servers.
• D. Automated user synchronization and de-activation.

Answer: BD

NEW QUESTION 8
Universal containers wants salesforce inbound Oauth-enabled integration clients to use SAML-BASED single Sign-on for authentication. What Oauth flow would be recommended in this scenario?

• A. User-Agent Oauth flow
• B. SAML assertion Oauth flow
• C. User-Token Oauth flow
• D. Web server Oauth flow

Answer: B

NEW QUESTION 9
Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.
NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.
What role does identity Connect play in the outlined requirements?

• A. Service Provider
• B. Single Sign-On
• C. Identity Provider
• D. User Management

Answer: D

NEW QUESTION 10
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

• A. Web Server flow
• B. JWT Bearer Token flow
• C. Username-Password flow
• D. User Agent flow

Answer: B

NEW QUESTION 11
Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?

• A. Ensure that users have the same email value in their user records in all of UC's salesforce orgs.
• B. Ensure the same username is allowed in multiple orgs by contacting salesforce support.
• C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.
• D. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.

Answer: C

NEW QUESTION 12
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements? Choose 2 answers

• A. Create a custom external authentication provider for Facebook.
• B. Configure a predefined authentication provider for Facebook.
• C. Create a custom external authentication provider for Twitter.
• D. Configure a predefined authentication provider for Twitter.

Answer: BD

NEW QUESTION 13
Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

• A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
• B. Create separate login flows corresponding to the different community user personas.
• C. Modify the Community pages to utilize specific fields on the User and Contact records.
• D. Modify the existing Communities registration controller to assign different profiles.

Answer: C

NEW QUESTION 14
Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:
* 1. Enter a phone number and/or email address
* 2. Enter a verification code that is to be sent via email or text.
What is the recommended approach to fulfill this requirement?

• A. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
• B. Create a custom login page with an Apex controlle
• C. The controller has logic to send and verify the identity.
• D. Create an Authentication provider and implement a self-registration handler class.
• E. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

Answer: D

NEW QUESTION 15
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?

• A. Web
• B. Full
• C. API
• D. Visualforce

Answer: A

NEW QUESTION 16
......