It is more faster and easier to pass the Salesforce Identity-and-Access-Management-Designer exam by using Breathing Salesforce Salesforce Certified Identity and Access Management Designer (SP19) questuins and answers. Immediate access to the Abreast of the times Identity-and-Access-Management-Designer Exam and find the same core area Identity-and-Access-Management-Designer questions with professionally verified answers, then PASS your exam with a high score now.

Free demo questions for Salesforce Identity-and-Access-Management-Designer Exam Dumps Below:

Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication? Choose 2 answers

  • A. Salesforce license for sales users and Identity license for Marketing users
  • B. Salesforce license for sales users and External Identity license for Marketing users
  • C. Identity license for sales users and Identity connect license for Marketing users
  • D. Salesforce license for sales users and platform license for Marketing users.

Answer: AD

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

  • A. Configure a predefined authentication provider for Amazon.
  • B. Create a custom external authentication provider for Amazon.
  • C. Configure an OpenID Connect Authentication Provider for Amazon.
  • D. Configure Amazon as a connected app.

Answer: C

Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.
Identity-and-Access-Management-Designer dumps exhibit
What role combination is represented by the systems in this scenario''

  • A. Financial System and CPQ System are the only Service Providers.
  • B. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
  • C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
  • D. Salesforce Org1 and PingFederate are acting as Identity Providers.

Answer: D

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

  • A. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
  • B. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
  • C. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
  • D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Answer: C

Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers

  • A. Use the salesforce REST API to sync users from active directory to salesforce
  • B. Use an app exchange product to sync users from Active Directory to salesforce.
  • C. Use Active Directory Federation Services to sync users from active directory to salesforce.
  • D. Use Identity connect to sync users from Active Directory to salesforce

Answer: BD

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

  • A. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
  • B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
  • C. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
  • D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

Answer: B

Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

  • A. Authentication Token
  • B. Session ID
  • C. Refresh Token
  • D. Access Token

Answer: CD

Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers

  • A. App Launcher
  • B. Resource deep linking
  • C. SSO from Salesforce Mobile App
  • D. Login Forensics

Answer: BC

An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?

  • A. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
  • B. Use Login Flows to add a screen that shows personalized alerts.
  • C. Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
  • D. Create custom metadata that stores user alerts and use a LWC to display alerts.

Answer: B

The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

  • A. Web server
  • B. Jwt bearer token
  • C. User-Agent
  • D. Username-password

Answer: AC

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?

  • A. OAuth 2.0 JWT Bearer How
  • B. OAuth 2.0 Device Flow
  • C. OAuth 2.0 User-Agent Flow
  • D. OAuth 2.0 Asset Token Flow

Answer: B

Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

  • A. Just-in-Time (JIT) provisioning
  • B. Custom middleware and web services
  • C. Custom login flow and Apex handler
  • D. Third-party AppExchange solution

Answer: A

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

  • A. The CA-Signed Certificate from the Certificate and Key Management menu.
  • B. The default Client Certificate from the Develop--> API Menu.
  • C. The default Client Certificate or a Certificate from Certificate and Key Management menu.
  • D. The Self-Signed Certificates from the Certificate & Key Management menu.

Answer: B

A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?

  • A. Canvas App Integration
  • B. OAuth Tokens
  • C. Authentication Providers
  • D. Connected App and OAuth scopes

Answer: D

Universal containers (UC) has decided to use identity connect as it's identity provider. UC uses active directory(AD) and has a team that is very familiar and comfortable with managing ad groups. UC would like to use AD groups to help configure salesforce users. Which three actions can AD groups control through identity connect? Choose 3 answers

  • A. Public Group Assignment
  • B. Granting report folder access
  • C. Role Assignment
  • D. Custom permission assignment
  • E. Permission sets assignment

Answer: ACE

Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

  • A. Identity Licence.
  • B. Salesforce Licence.
  • C. External Identity Licence.
  • D. Salesforce Platform Licence.

Answer: D


P.S. Easily pass Identity-and-Access-Management-Designer Exam with 196 Q&As Dumps & pdf Version, Welcome to Download the Newest Identity-and-Access-Management-Designer Dumps: (196 New Questions)