
Identity and Access Management Designer


ABOUT THE EXAM

For specialists who design sound, scalable, high-performing solutions on the Salesforce Platform that meet Single Sign-on (SSO) requirements.

Architect Journey: Identity and Access Management

A Trailmix for growing architect skills and expertise in the area of Identity and Access Management.

EXAM OUTLINE

The Salesforce Certified Identity and Access Management Designer exam measures a candidate’s knowledge and skills related to the following objectives.

IDENTITY MANAGEMENT CONCEPTS 34%

  • Describe the role(s) an identity provider and service provider play in an access control solution.
  • Describe common methods by which trust connections are established between two systems and the methodologies used to describe trust between an identity provider and a service provider.
  • Given a scenario, articulate whether it is describing an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task.
  • Given a scenario, recommend the appropriate method for provisioning users in Salesforce and other third-party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.).
  • Describe the risks to enterprise security that federated single sign-on solutions aim to address.
  • Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on solution (SAML, OAuth, etc.).

ACCEPTING 3RD PARTY IDENTITY IN SALESFORCE 21%

  • Describe the components of an identity management solution where Salesforce is accepting identity from a 3rd party.
  • Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept 3rd Party Identity (Enterprise Directory, Social, Community, etc.).
  • Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init).
  • Describe the components of a Delegated Authentication solution.
  • Describe the risks of implementing delegated authentication.

SALESFORCE AS AN IDENTITY PROVIDER 18%

  • Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a 3rd party (e.g., User Agent, Web Server, JWT, etc.).
  • Describe the various implementation concepts of OAuth (e.g., scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
  • Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.
  • Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the 3rd party system (Canvas, Connected Apps, App Launcher, etc.).

ACCESS MANAGEMENT BEST PRACTICES 12%

  • Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.
  • Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.
  • Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (e.g., High Assurance Sessions, 2FA, etc.).

SALESFORCE IDENTITY 8%

  • Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.
  • Describe the role(s) Identity Connect plays in an Identity Management solution.

COMMUNITY (PARTNER AND CUSTOMER)

  • Describe the capabilities for customizing the registration experience for external communities (e.g., branding options, self-registration, communications, etc.).

Topic

Identity Terminology Cheat Sheet

Each entry pairs a term with one that is easily confused with it.

1. Authentication verifies who a person is. These days, authentication is often used as shorthand for authorization and authentication.
   Easily confused with: Authorization, which determines what a person can do.
2. Protocol specifies the set of rules that enable systems to exchange information. Generally, the terms protocol and standard are used interchangeably.
   Easily confused with: Standard, a specification, a set of industry practices that vendors agree to support. Often, a standard contains a protocol to specify how the companies implement the standard.
3. Username and password are what the user supplies to log in to a system.
   Easily confused with: Credentials, which are basically the same thing.
4. Single sign-on (SSO) enables a person to log in once and access other apps and services without logging in again.
   Easily confused with: Social sign-on, which enables a person to log in to an app using the credentials established with a social account like Google. That app accepts the Google credentials, and the user doesn’t have to create another account and password.
5. Identity provider is a trusted service that enables users to access other websites and services without logging in again.
   Easily confused with: Service provider, a website or service that hosts apps and accepts identity from an identity provider.

Delegated authentication offers the following benefits.

  • Uses a stronger form of user authentication, such as integration with a secure identity provider
  • Makes your login page private and accessible only behind a corporate firewall
  • Differentiates your org from all other companies that use Salesforce to reduce phishing attacks

Benefits of SSO

  • Reduced administrative costs
  • Leverage existing investment
  • Time savings
  • Increased user adoption
  • Increased security

Benefits of Just-in-Time Provisioning

  • Reduced administrative costs
  • Increased user adoption
  • Increased security

Resources

Digging Deeper into OAuth 2.0 in Salesforce
Configure SSO Across Multiple Salesforce Orgs
Dictionary: Salesforce Certified Identity & Access Management Designer
How to Prepare For and PASS Identity and Access Management Designer Exam
Salesforce Certified Identity and Access Management Designer Exam Tips
