• Home
  • Articles
  • Free 2024 Identity-and-Access-Management-Architect Dumps 100 Pass Guarantee With Latest Demo [Q115-Q138]

Free 2024 Identity-and-Access-Management-Architect Dumps 100 Pass Guarantee With Latest Demo [Q115-Q138]

Share

Free 2024 Identity-and-Access-Management-Architect Dumps 100 Pass Guarantee With Latest Demo

Prepare Identity-and-Access-Management-Architect Question Answers Free Update With 100% Exam Passing Guarantee [2024]


Salesforce is a company that provides Customer Relationship Management (CRM) solutions to businesses of all sizes. One of the key features of Salesforce is its Identity and Access Management (IAM) system, which allows businesses to control who has access to their data and applications. To ensure that their IAM system is properly implemented, Salesforce has developed the Identity and Access Management Architect certification. Salesforce Certified Identity and Access Management Architect certification is designed for experienced architects who are responsible for designing and implementing IAM solutions that meet the needs of their organizations.


Salesforce Certified Identity and Access Management Architect certification exam is a proctored exam that consists of 60 multiple-choice questions. Candidates have 105 minutes to complete the exam, and the passing score is 70%. Identity-and-Access-Management-Architect exam is available in English and costs $400.

 

NEW QUESTION # 115
Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature?

  • A. Passwordless authentication cannot be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
  • B. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
  • C. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
  • D. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.

Answer: D

Explanation:
Explanation
According to the Salesforce documentation3, contactless user feature allows creating users without contact information, such as email address or phone number. This reduces the overhead of managing customers and partners who don't need or want to provide their contact information. However, if a contactless user is upgraded to a Community license, a contact record is automatically created and linked to the user record, but not associated with an account. This can impact the architecture of NTO's Customer 360 Platform, as they may need to associate contacts with accounts for reporting or other purposes.


NEW QUESTION # 116
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
  • B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • C. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • D. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Answer: C


NEW QUESTION # 117
Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers

  • A. Use the existing SAML SSO flow along with Web server flow
  • B. Configure the salesforce1 app to use the my domain URL
  • C. Configure the embedded Web browser to use my domain URL.
  • D. Use the existing SAML SSO flow along with user agent flow.

Answer: B,C

Explanation:
Explanation
To use SAML SSO for accessing the Salesforce1 mobile app, the architect should recommend configuring the embedded web browser to use the My Domain URL and configuring the Salesforce1 app to use the My Domain URL4. Using the My Domain URL allows Salesforce to identify the identity provider and initiate the SSO process5. Using the existing SAML SSO flow along with user agent flow or web server flow is not necessary because Salesforce Mobile Applications only work with service provider initiated setups46.
Therefore, option B and D are the correct answers.
References: Salesforce Mobile Application Single Sign-On overview, SAML SSO with Salesforce as the Service Provider, Single Sign-On


NEW QUESTION # 118
Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.
NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.
What should an Identity Architect do to provision, deprovision and authenticate users?

  • A. Salesforce Identity is not needed since NTO uses Microsoft AD.
  • B. A Salesforce Identity can be included but NTO will require Identity Connect.
  • C. Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.
  • D. Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.

Answer: B


NEW QUESTION # 119
universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?

  • A. Add a new identity provider to authenticate and authorize mobile users.
  • B. Use the permission set license to assign the mobile app permission to sales users
  • C. Use connected apps Oauth policies to restrict mobile app access to authorized users.
  • D. Use a custom attribute on the user object to control access to the mobile app

Answer: C

Explanation:
Explanation
The recommended solution to grant mobile app access to sales users is to use connected apps OAuth policies to restrict mobile app access to authorized users. A connected app is a configuration in Salesforce that allows an external application, such as a mobile app, to connect to Salesforce using OAuth. OAuth is a protocol that allows the mobile app to obtain an access token from Salesforce after the user grants permission. The access token can then be used by the mobile app to access Salesforce data and features. OAuth policies are settings that control how users can access a connected app, such as who can use the app, how long the access token is valid, and what level of access the app requests. By configuring OAuth policies in the connected app settings, Universal Containers can restrict the mobile app access to only the sales team and protect against unauthorized or excessive access.
References: [Connected Apps], [OAuth Authorization Flows], [OAuth Policies]


NEW QUESTION # 120
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?

  • A. The Self-signed Certificates from the Certificate & Key Management menu.
  • B. The default client Certificate from the Develop--> API menu.
  • C. The CA-signed Certificate from the Certificate and Key Management Menu.
  • D. The default client Certificate or the Certificate and Key Management menu.

Answer: B


NEW QUESTION # 121
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenario?

  • A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately.
  • B. If the number of provisioned users exceeds Salesforce license allowances, identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.
  • C. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.
  • D. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.

Answer: A

Explanation:
Explanation
Identity Connect is a tool that synchronizes user data between Microsoft Active Directory and Salesforce. It allows user provisioning, deprovisioning, and single sign-on (SSO) between multiple Active Directory domains and a single Salesforce org. One of the features of Identity Connect is that it can revoke the user's Salesforce session immediately when the user is deprovisioned in an on-premise Active Directory. This can enhance security and compliance by preventing unauthorized access to Salesforce resources. References:
Identity Connect Implementation Guide, Identity Connect Overview


NEW QUESTION # 122
Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

  • A. Google is the service provider
  • B. Salesforce is the identity provider
  • C. Google is the identity provider
  • D. Salesforce is the service provider

Answer: A,B

Explanation:
Explanation
In an environment where Salesforce users are enabled to access Google Apps from within Salesforce through App Launcher and Connected App setup, Google is the service provider and Salesforce is the identity provider. A service provider is an application that provides a service to users and relies on an identity provider for authentication3. A connected app is a service provider that integrates an application with Salesforce using APIs4. An identity provider is an application that authenticates users and provides information about them to service providers3. The App Launcher is a feature that allows users to access Salesforce, connected, and on-premises apps from one location5. In this scenario, Google Apps are connected apps that provide services to Salesforce users, such as Gmail, Google Drive, and Google Calendar. Salesforce is the identity provider that authenticates users and allows them to access Google Apps with their Salesforce credentials using single sign-on (SSO)6.
References: Identity Provider Overview, Connected Apps Overview, App Launcher, Single Sign-On for Desktop and Mobile Applications using SAML and OAuth


NEW QUESTION # 123
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers

  • A. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
  • B. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
  • C. Identity License for GS Regional Leads and External Identity license for GS capacity Planners.
  • D. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.

Answer: A,B

Explanation:
Explanation
The most appropriate license types for GS regional leads and the GS capacity planners are:
Customer Community Plus license for GS regional leads. This license type allows external users, such as customers or partners, to access standard Salesforce objects, such as cases and dashboards, and custom objects in a community. This license type also supports role hierarchy, sharing rules, and reports.
This license type is suitable for GS regional leads who need to report damage of goods using cases and access dashboards to track regional shipping KPIs.
External Identity license for GS capacity planners. This license type allows external users to access a limited set of standard Salesforce objects, such as contacts and documents, and custom objects in a community. This license type also supports identity features, such as single sign-on (SSO) and social sign-on. This license type is suitable for GS capacity planners who need to access the third-party cloud analytics tool using Salesforce as the identity provider.
The other options are not appropriate license types for this scenario. Customer Community license for GS capacity planners would not allow them to access the third-party cloud analytics tool using SSO, as this license type does not support identity features. Identity license for GS regional leads would not allow them to access cases and dashboards in the community, as this license type does not support standard Salesforce objects.
References: [Customer Community Plus Licenses], [External Identity Licenses], [Customer Community Licenses], [Identity Licenses]


NEW QUESTION # 124
A real estate company wants to provide its customers a digital space to design their interior decoration options.
To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers

  • A. Apex coding skills are needed for registration handler to create and update users.
  • B. Authentication provider configuration is required each social sign-on providers; and enable Authentication providers in community.
  • C. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
  • D. Use declarative registration handler process builder/flow to create, update users and contacts.

Answer: A,B


NEW QUESTION # 125
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers

  • A. Require users to provide their RSA token along with their credentials.
  • B. Require users to enter a second password after the first Authentication
  • C. Require users to use a biometric reader as well as their password
  • D. Require users to supply their email and phone number, which gets validated.

Answer: A,C


NEW QUESTION # 126
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming ail social sign-on providers support OpenID Connect?

  • A. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
  • B. Configure an authentication provider and a registration handler for each social sign-on provider.
  • C. Configure a single sign-on setting and a registration handler for each social sign-on provider.
  • D. Configure a single sign-on setting and a JIT handler for each social sign-on provider.

Answer: B

Explanation:
Explanation
To allow customers to login using Facebook, Google, and other social sign-on providers, the identity architect should configure an authentication provider and a registration handler for each social sign-on provider.
Authentication providers are configurations that enable users to authenticate with an external identity provider and access Salesforce resources. OpenID Connect is a protocol that allows users to sign in with an external identity provider, such as Facebook or Google, and access Salesforce resources. To enable this, the identity architect needs to configure an OpenID Connect Authentication Provider in Salesforce and link it to a connected app. A registration handler is a class that implements the Auth.RegistrationHandler interface and defines how to create or update users in Salesforce based on the information from the external identity provider. The registration handler can also be used to link the user's social identity with their Salesforce identity and prevent duplicate accounts. References: OpenID Connect Authentication Providers, Social Sign-On with OpenID Connect, Create a Custom Registration Handler


NEW QUESTION # 127
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case?
Choose 2 answers

  • A. The Identity Provider can authenticate multiple applications.
  • B. The Identity Provider can centralize enterprise password policy.
  • C. The Identity provider can store credentials for multiple applications.
  • D. The Identity Provider can authenticate multiple social media accounts.

Answer: A,B

Explanation:
Explanation
The two capabilities of an identity provider that the architect should detail to help strengthen the business case are that the identity provider can authenticate multiple applications and that the identity provider can centralize enterprise password policy. These capabilities can provide benefits such as reducing login friction, improving user experience, enhancing security, and simplifying administration. Option B is not a good choice because the identity provider can authenticate multiple social media accounts may not be relevant for UC's business case, as it does not specify how UC will use social media for its identity management. Option C is not a good choice because the identity provider can store credentials for multiple applications may not be desirable or secure for UC's business case, as it may imply that the identity provider is using password vaulting or federation rather than single sign-on (SSO) or identity federation. References: Identity Management Concepts, [Single Sign-On Implementation Guide]


NEW QUESTION # 128
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?

  • A. Use JIT Provisioning to automatically create the account in the accounting system.
  • B. Add an Apex callout in the registration handler of the authorization provider.
  • C. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.
  • D. Create a custom application on Heroku that manages the sign-on process from Facebook.

Answer: B


NEW QUESTION # 129
An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce. What is the probable cause of this behaviour?

  • A. The my domain capability is not enabled on the new user's profile.
  • B. The new users do not have the SSO permission enabled on their profiles.
  • C. The Federation ID field on the new user records is not correctly set
  • D. The administrator forgot to reset the new user's salesforce password.

Answer: C

Explanation:
Explanation
The Federation ID field on the new user records is not correctly set is the probable cause of this behavior. The Federation ID is an additional field contained in the Salesforce interface that allows admins to pick whatever username or username format they want to pass to Salesforce from their user directory for single sign-on. This field does not appear on the user page layout editor or on the user record page by default, and it must be populated with a unique value that matches the identity provider's assertion for each user. If the Federation ID is missing or incorrect, the SSO will fail. The administrator does not need to reset the new user's Salesforce password, as SSO bypasses the password authentication. The My Domain capability is not enabled on the new user's profile, but on the org level, so it does not affect individual users. The new users do not have the SSO permission enabled on their profiles is not a valid option, as there is no such permission in Salesforce.
References: Certification - Identity and Access Management Architect - Trailhead, Federation ID field on User detail page is not visible, What is the purpose of Salesforce SSO by federation ID?


NEW QUESTION # 130
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers

  • A. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the Idp.
  • B. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
  • C. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the Idp.
  • D. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the Idp.

Answer: A,B

Explanation:
Explanation
The Canvas framework supports OAuth 2.0 for authorization1. There are two OAuth flows that can be used to authenticate the third-party app using the canvas framework: User-Agent OAuth Flow and Web Server OAuth Flow2. The User-Agent OAuth Flow uses the Canvas JavaScript SDK to obtain an OAuth token by using the login function in the SDK2. The Web Server OAuth Flow redirects the user to the Salesforce OAuth authorization endpoint and then obtains an OAuth access token by making a POST request to the Salesforce OAuth token endpoint2. Both of these flows allow the third-party app to authenticate itself against Salesforce as the IdP. The SAML Single Sign-on flow can also be used to allow the third-party app to authenticate itself against UC's IdP, which is another option for authentication3.
References: OAuth Authorization, Mastering Salesforce Canvas Apps, Integrate third-party applications via Canvas App


NEW QUESTION # 131
Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider?
Choose 2 answers

  • A. A custom error URL can be set.
  • B. The default authentication provider certificate can be set.
  • C. A custom registration handier can be set.
  • D. The default login user can be set.

Answer: A,C


NEW QUESTION # 132
Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML based sign sign-on to login to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.
Which two mechanisms are used to provision agents with the appropriate permissions?
Choose 2 answers

  • A. Use Login Flow in User Context to update role and permission sets.
  • B. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.
  • C. Use Login Flow in System Context to update role and permission sets.
  • D. Use SAML Just-m-Time (JIT) Handler class run as current user to update role and permission sets.

Answer: B,C

Explanation:
Explanation
To dynamically update the agent role and permission sets using Active Directory as the corporate identity provider and Salesforce as the CRM for customer care agents, who use SAML based sign-on to login to Salesforce, the identity architect should use two mechanisms:
Use Login Flow in System Context to update role and permission sets. A Login Flow is a custom post-authentication process that can be used to add additional screens or logic after a user logs in to Salesforce. A System Context is a mode that allows a Login Flow to run as an administrator user with full access to Salesforce data and metadata. By using a Login Flow in System Context, the identity architect can update the agent role and permission sets based on the information from Active Directory or other criteria.
Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets. A SAML JIT handler class is a class that implements the Auth.SamlJitHandler interface and defines how to handle SAML assertions for Just-in-Time (JIT) provisioning. JIT provisioning is a feature that allows Salesforce to create or update user records on the fly when users log in through an external identity provider. By using a SAML JIT handler class run as an admin user, the identity architect can update the agent role and permission sets based on the information from the SAML assertion. References: Login Flows, SAML Just-in-Time Provisioning, Auth.SamlJitHandler Interface


NEW QUESTION # 133
Universal Containers (UC) is building a custom employee hut) application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating Afferent solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?

  • A. Develop a custom Auth server in AWS.
  • B. Configure AWS as an OpenID Connect Provider.
  • C. Create a custom external authentication provider.
  • D. Configure the custom employee app as a connected app.

Answer: B

Explanation:
Explanation
To authenticate and authorize Salesforce users with AWS, the identity architect should configure AWS as an OpenID Connect Provider. OpenID Connect is a protocol that allows users to sign in with an external identity provider, such as AWS, and access Salesforce resources. To enable this, the identity architect needs to configure an OpenID Connect Authentication Provider in Salesforce and link it to a connected app. The other options are not relevant for this scenario. References: OpenID Connect Authentication Providers, Social Sign-On with OpenID Connect


NEW QUESTION # 134
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.
Which action will accomplish this?

  • A. Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.
  • B. Use a HTTP POST to request the refresh token for the current user.
  • C. Enable Single Logout with a secure logout URL.
  • D. Use a HTTP POST to make a call to the revoke token endpoint.

Answer: D


NEW QUESTION # 135
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

  • A. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
  • B. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO.
  • C. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
  • D. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.

Answer: A


NEW QUESTION # 136
An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

  • A. Create a default account for capturing all ecommerce contacts registered on the community because person Account is not supported for this case.
  • B. Confirm performance considerations with Salesforce Customer Support due to high peaks.
  • C. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
  • D. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.

Answer: C

Explanation:
Explanation
According to the Salesforce documentation2, OAuth2 RPs (relying parties) are applications that use OAuth 2.0 for authentication and authorization with an external identity provider. This allows users to log in to multiple applications with a single identity provider account. The identity provider issues an access token to the relying party, which can be used to access protected resources on behalf of the user. This solution can support high volumes of logins per minute and unify multiple B2C Commerce sites and an Experience Cloud community with a single identity.


NEW QUESTION # 137
An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a salesforce user?

  • A. User info endpoint URL
  • B. Apex registration handler
  • C. Consumer key and consumer secret
  • D. Federation ID

Answer: B


NEW QUESTION # 138
......

Dumps Real Salesforce Identity-and-Access-Management-Architect Exam Questions [Updated 2024]: https://www.dumpexam.com/Identity-and-Access-Management-Architect-valid-torrent.html

Free Identity-and-Access-Management-Architect Exam Dumps to Pass Exam Easily: https://drive.google.com/open?id=1BVBJXgmSjc9H9brQE-t4BJJyrJfSjuKM

Related Articles

more
Salesforce Identity-and-Access-Management-Architect Certification Practice Exam

DumpExam exam dump materials and dumps PDF will assist you pass certificate exams certainly. We guarantee your money safety and provide you worry-free shopping. Best exam dump, valid dumps PDF, accurate exam materials is here waiting for you.

Latest Exam Dump

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 DumpExam NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy