It is more faster and easier to pass the Salesforce Identity-and-Access-Management-Designer exam by using Downloadable Salesforce Salesforce Certified Identity and Access Management Designer (SP19) questuins and answers. Immediate access to the Renewal Identity-and-Access-Management-Designer Exam and find the same core area Identity-and-Access-Management-Designer questions with professionally verified answers, then PASS your exam with a high score now.

Also have Identity-and-Access-Management-Designer free dumps questions for you:

Universal containers (UC) has a mobile application that calls the salesforce REST API. In order to prevent users from having to enter their credentials everytime they use the app, UC has enabled the use of refresh Tokens as part of the salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, Users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

  • A. The Oauth authorizations are being revoked by a nightly batch job.
  • B. The refresh token expiration policy is set incorrectly in salesforce
  • C. The app is requesting too many access Tokens in a 24-hour period
  • D. The users forget to check the box to remember their credentials.

Answer: B

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

  • A. Federation ID
  • B. Salesforce User ID
  • C. User Full Name
  • D. User Email Address
  • E. Salesforce Username

Answer: ACD

Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.
Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?
Choose 2 answers

  • A. Identity Connect
  • B. Delegated Authentication
  • C. Connected Apps
  • D. Embedded Login

Answer: BD

Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

  • A. Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
  • B. Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
  • C. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.
  • D. Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.

Answer: AB

In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

  • A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
  • B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
  • C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
  • D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.

Answer: C

A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to login to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendation In the community.
Which should be used to satisfy this requirement?

  • A. Named Credentials
  • B. Login Flows
  • C. OAuth Device Plow
  • D. Single Sign-On Settings

Answer: C

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?

  • A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
  • B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
  • C. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.
  • D. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

Answer: B

Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?

  • A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
  • B. Use information in the Signed Request that is received from Facebook.
  • C. Develop a scheduled job that calls out to Facebook on a nightly basis.
  • D. Use the updateUser() method on the Registration Handler class.

Answer: D

Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher. Which three steps must be completed in salesforce to accomplish the goal?

  • A. Associate user profiles with the connected Apps.
  • B. Complete my domain and Identity provider setup.
  • C. Create connected apps for the external applications.
  • D. Complete single Sign-on settings in security controls.
  • E. Create named credentials for each external system.

Answer: ABC

Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend?

  • A. JWT Bearer Token Flow
  • B. Web Server Authentication Flow
  • C. User Agent Flow
  • D. Username and Password Flow

Answer: C

Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers

  • A. Use the existing SAML SSO flow along with user agent flow.
  • B. Configure the embedded Web browser to use my domain URL.
  • C. Use the existing SAML SSO flow along with Web server flow
  • D. Configure the salesforce1 app to use the my domain URL

Answer: AD

Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML.
What rote does Salesforce Identity play in its relationship with the enterprise SSO system?

  • A. Identity Provider (IdP)
  • B. Resource Server
  • C. Service Provider (SP)
  • D. Client Application

Answer: C

Universal containers (UC) has implemented SAML -based single Sign-on for their salesforce application. UC is using pingfederate as the Identity provider. To access salesforce, Users usually navigate to a bookmarked link to my domain URL. What type of single Sign-on is this?

  • A. Sp-Initiated
  • B. IDP-initiated with deep linking
  • C. IDP-initiated
  • D. Web server flow.

Answer: A

Uwversal Containers (UC) is building a custom employee hut) application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating Afferent solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?

  • A. Configure the custom employee app as a connected app.
  • B. Configure AWS as an OpenID Connect Provider.
  • C. Create a custom external authentication provider.
  • D. Develop a custom Auth server in AWS.

Answer: B

Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers

  • A. Configure SAML SSO settings.
  • B. Configure Delegated Authentication
  • C. Create a connected App
  • D. Set up my domain

Answer: AD

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

  • A. Reference to a URL redirect parameter at the identity provider.
  • B. Reference to a URL redirect parameter at the service provider.
  • C. Reference to the login address URL of the service provider.
  • D. Reference to the login address URL of the identity Provider.

Answer: B

architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

  • A. The Identity Provider is also used to SSO into five other applications.
  • B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
  • C. The Issuer Certificate from the Identity Provider expired two weeks ago.
  • D. The default language for the Identity Provider and Salesforce are Different.

Answer: BC


Recommend!! Get the Full Identity-and-Access-Management-Designer dumps in VCE and PDF From, Welcome to Download: (New 196 Q&As Version)