Question # 1 A real estate company wants to provide its customers a digital space to design their interior decoration options. To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead? Choose 2 answers
A. Use declarative registration handler process builder/flow to create, update users and contacts.
B. Authentication provider configuration is required for each social sign-on provider; and enable Authentication providers in community.
C. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
D. Apex coding skills are needed for registration handler to create and update users.
Answer:
B. Authentication provider configuration is required for each social sign-on provider; and enable Authentication providers in community.
D. Apex coding skills are needed for registration handler to create and update users.
Question # 2 Universal Containers (UC) wants to use Salesforce for sales orders and a legacy system for order fulfillment. The legacy system must update the status of orders in Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A. Web Server flow
B. JWT Bearer Token flow
C. Username-Password flow
D. User Agent flow
Answer:
B. JWT Bearer Token flow
Question # 3 A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native iOS mobile app from corporate intranet on their mobile device. The app allows flexibility to access other non-Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.
How should an identity architect meet the above requirements with the privately distributed mobile app?
A. Use connected app with OAuth and Security Assertion Markup Language (SAML) to access other non-Salesforce internal apps.
B. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.
C. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.
D. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.
Answer:
B. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.
Explanation: Configuring Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps is the best way to meet the requirements with the privately distributed mobile app. The Mobile App settings allow users to download the app from a private URL and use it with Salesforce credentials. The identity provider settings allow users to access other internal apps with SSO using Salesforce as the IdP. The other options are either not feasible or not optimal for this use case.
References: Mobile App Settings, Single Sign-On for Desktop and Mobile Applications using SAML and OAuth
Question # 4 An architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers
A. The Identity Provider is also used to SSO into five other applications.
B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
C. The Issuer Certificate from the Identity Provider expired two weeks ago.
D. The default language for the Identity Provider and Salesforce are Different.
Answer:
B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
C. The Issuer Certificate from the Identity Provider expired two weeks ago.
Explanation: The two issues outside of the Salesforce SSO settings that are most likely contributing to the SSO errors are the clock on the identity provider server being twenty minutes behind Salesforce and the issuer certificate from the identity provider expiring two weeks ago. These issues can cause SAML assertion errors, which prevent the user from logging in with SSO. A SAML assertion is an XML document that contains information about the user’s identity and attributes, and it is signed by the identity provider and sent to Salesforce as part of the SSO process. If the clock on the identity provider server is not synchronized with Salesforce, the SAML assertion may be rejected as invalid or expired, as it has a time limit for validity. If the issuer certificate from the identity provider is expired, the SAML assertion may not be verified by Salesforce, as it relies on the certificate to validate the signature. The other options are not likely issues that cause SSO errors. The identity provider being used to SSO into five other applications does not affect its ability to SSO into Salesforce, as long as it supports multiple service providers and has a separate configuration for each one. The default language for the identity provider and Salesforce being different does not affect the SSO process, as it does not impact the SAML assertion or its validation.
Question # 5 Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:
1. Enter a phone number and/or email address
2. Enter a verification code that is to be sent via email or text.
What is the recommended approach to fulfill this requirement?
A. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
B. Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.
C. Create an authentication provider and implement a self-registration handler class.
D. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.
Answer:
A. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
Explanation: To allow customers to use phone numbers to log in to their new digital portal, the identity architect should create a Login Discovery page and provide a Login Discovery Handler Apex class. A Login Discovery page is a custom page that allows users to enter their phone number or email address and receive a verification code via email or text. A Login Discovery Handler is a class that implements the Auth.LoginDiscoveryHandler interface and defines how to handle the user input and verification code. This approach can provide a passwordless login experience for the customers.
References: Login Discovery, Create a Login Discovery Page
Question # 6 Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?
A. Just-in-Time (JIT) provisioning
B. Custom middleware and web services
C. Custom login flow and Apex handler
D. Third-party AppExchange solution
Answer:
A. Just-in-Time (JIT) provisioning
Explanation: Just-in-Time (JIT) provisioning is a feature that allows Salesforce to create or update user records on the fly when users log in through an external identity provider. This eliminates the need for manual or batch user provisioning in Salesforce.
References: Just-in-Time Provisioning for SAML and OpenID Connect, Identity 101: Design Patterns for Access Management
Question # 7 Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud. Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.
Which two recommendations should an identity architect make to fulfill this requirement? Choose 2 answers
A. Add customers as contacts and add them to Experience Cloud site.
B. Enable Welcome emails while configuring the Experience Cloud site.
C. Allow Password reset using the API to update Experience Cloud site membership.
D. Use Login Flows to allow users to reset password in Experience Cloud site.
Answer:
C. Allow Password reset using the API to update Experience Cloud site membership.
D. Use Login Flows to allow users to reset password in Experience Cloud site.
Explanation: Allowing password reset using the API and using login flows are two possible ways to enable customers to set their own passwords in Experience Cloud. The other options are not relevant for this requirement, as they do not address the password issue.
References: Allow Password Reset Using the API, Use Login Flows to Allow Users to Reset Passwords in Experience Cloud Sites
Question # 8 Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The first time the user authenticates using Facebook, UC would like a customer account created automatically in their accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?
A. Create a custom application on Heroku that manages the sign-on process from Facebook.
B. Use JIT Provisioning to automatically create the account in the accounting system.
C. Add an Apex callout in the registration handler of the authorization provider.
D. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.
Answer:
C. Add an Apex callout in the registration handler of the authorization provider.
Explanation: The best option for UC to meet the requirements is to add an Apex callout in the registration handler of the authorization provider. An authorization provider is a configuration in Salesforce that allows users to log in with an external authentication provider, such as Facebook. A registration handler is an Apex class that implements the Auth.RegistrationHandler interface and defines the logic for creating or updating a user account when a user logs in with an external authentication provider. An Apex callout is a method that invokes an external web service from Apex code. By adding an Apex callout in the registration handler, UC can create a customer account in their accounting system by calling the web service that is accessible to Salesforce. This option enables UC to automate the account creation process and integrate with their existing accounting system. The other options are not optimal for this scenario. Creating a custom application on Heroku that manages the sign-on process from Facebook would require UC to develop and maintain a separate application and infrastructure, which could increase complexity and cost. Using JIT provisioning to automatically create the account in the accounting system would require UC to configure Facebook as a SAML identity provider, which is not supported by Facebook. Using OAuth JWT flow to pass the data from Salesforce to the accounting system would require UC to obtain an OAuth token from the accounting system and use it to make API calls, which could introduce security and performance issues.