ABOUT THE EXAM
For specialists who design sound, scalable, high-performing solutions on the Salesforce Platform that meet single sign-on (SSO) requirements.
Architect Journey: Identity and Access Management
EXAM OUTLINE
The Salesforce Certified Identity and Access Management Designer exam measures a candidate's knowledge and skills related to the following objectives.
IDENTITY MANAGEMENT CONCEPTS 34%
- Describe the role(s) an identity provider and service provider play in an access control solution.
- Describe common methods by which trust is established between two systems, and the methodologies used to describe trust between an identity provider and a service provider.
- Given a scenario, articulate whether it is describing an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task.
- Given a scenario, recommend the appropriate method for provisioning users in Salesforce and other third-party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.).
- Describe the risks to enterprise security that federated single sign-on solutions aim to address.
- Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on solution (SAML, OAuth, etc.).
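The troubleshooting objective above comes down to a short list of checks on the SAML response an IdP sends to Salesforce: status, Issuer, Audience (the Entity ID), Recipient (the org's login URL), NotBefore/NotOnOrAfter against clock skew, a usable NameID, and InResponseTo (present for SP-initiated, absent for IdP-initiated). The following script is an added example, not code from the original page or from Salesforce; the sample response, the org URLs, the Issuer/Entity ID values and the three-minute skew tolerance are all constructed assumptions, and XML signature verification is deliberately left out because Salesforce does that against the uploaded IdP certificate.

```python
"""Spot the usual failure points in a SAML response before blaming Salesforce.
Added example; signature verification is out of scope here."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an SP-initiated login (InResponseTo present). URLs are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
    Destination="https://example.my.salesforce.com?so=00Dxx0000000001" InResponseTo="_req42">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T12:05:00Z"
            Recipient="https://example.my.salesforce.com?so=00Dxx0000000001" InResponseTo="_req42"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Values an admin would copy from Single Sign-On Settings (assumed, not a real org).
EXPECTED = {
    "expected_issuer": "https://idp.example.com/metadata",                        # "Issuer"
    "expected_audience": "https://saml.salesforce.com",                            # "Entity ID"
    "expected_recipient": "https://example.my.salesforce.com?so=00Dxx0000000001",  # login URL
}
SAMPLE_NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)  # constructed "current time"


def _t(value):
    """SAML timestamps are UTC ISO 8601 with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, expected_issuer, expected_audience, expected_recipient,
                        now, pending_request_ids=frozenset(), clock_skew=timedelta(minutes=3)):
    """Return (problems, extracted). clock_skew is an assumed tolerance, not a Salesforce value."""
    root = ET.fromstring(xml_text)
    problems, info = [], {}

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("Status is not Success: the IdP refused the login, fix that side first")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext Assertion: encrypted assertions must be decrypted first")
        return problems, info

    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    info["issuer"] = issuer
    if issuer != expected_issuer:
        problems.append(f"Issuer {issuer!r} does not match the configured Issuer {expected_issuer!r}")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    info["name_id"] = None if name_id is None else name_id.text
    if name_id is None or not name_id.text:
        problems.append("no NameID: Salesforce cannot map the assertion to a user")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = None if scd is None else scd.get("Recipient")
    info["recipient"] = recipient
    if recipient != expected_recipient:
        problems.append(f"Recipient {recipient!r} is not the org's login URL {expected_recipient!r}")

    cond = assertion.find("saml:Conditions", NS)
    audience = None if cond is None else cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS)
    info["audience"] = audience
    if audience != expected_audience:
        problems.append(f"Audience {audience!r} does not match the Entity ID {expected_audience!r}")
    if cond is not None:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + clock_skew < _t(nb):
            problems.append(f"assertion not yet valid (NotBefore={nb}): IdP clock ahead of Salesforce?")
        if na and now - clock_skew >= _t(na):
            problems.append(f"assertion expired (NotOnOrAfter={na}): stale replay or IdP clock behind?")

    # SP-initiated responses must answer an AuthnRequest we actually sent; IdP-initiated have none.
    in_response_to = root.get("InResponseTo")
    info["initiation"] = "SP-initiated" if in_response_to else "IdP-initiated"
    if in_response_to and in_response_to not in pending_request_ids:
        problems.append(f"InResponseTo {in_response_to!r} matches no AuthnRequest we sent")
    return problems, info


if __name__ == "__main__":
    found, extracted = check_saml_response(SAMPLE_RESPONSE, now=SAMPLE_NOW,
                                           pending_request_ids={"_req42"}, **EXPECTED)
    print(extracted, found or "no obvious problems")
```

Run it against the Base64-decoded SAMLResponse from the browser's POST to the org (the SAML Assertion Validator under Single Sign-On Settings reports the same categories of failure); a clean result plus a failed login usually means the NameID does not match the username or Federation ID the org's SAML Identity Type expects.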
ACCEPTING 3RD PARTY IDENTITY IN SALESFORCE 21%
- Describe the components of an identity management solution where Salesforce is accepting identity from a 3rd party.
- Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept 3rd Party Identity (Enterprise Directory, Social, Community, etc.)
- Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init.)
- Describe the components of a Delegated Authentication solution.
- Describe the risks of implementing delegated authentication.
SALESFORCE AS AN IDENTITY PROVIDER 18%
- Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a third party (e.g., User-Agent, Web Server, JWT Bearer, etc.).
- Describe the various implementation concepts of OAuth (e.g., scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
- Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.
- Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).
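The OAuth objectives above (flow choice, scopes, secrets, tokens and refresh tokens) are easiest to see in the web server flow as a Connected App client would run it: a PKCE verifier/challenge pair, a state value bound to the browser session, the parameters of the authorize and token requests, and a check of the `signature` field that Salesforce returns with the token response (HMAC-SHA256 over `id` + `issued_at`, keyed with the consumer secret). The script below is an added example, not code from the original page or from Salesforce; the My Domain, consumer key, secret, redirect URI and token response are constructed placeholders, and no network call is made.

```python
"""Salesforce OAuth 2.0 web server flow, client side: PKCE, state binding and
token-response signature check. Added example; endpoints are only assembled."""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

MY_DOMAIN = "https://example.my.salesforce.com"   # assumed org My Domain, not a real org
AUTHORIZE_URL = f"{MY_DOMAIN}/services/oauth2/authorize"
TOKEN_URL = f"{MY_DOMAIN}/services/oauth2/token"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_pkce_pair():
    """RFC 7636: the verifier stays with the client, the S256 challenge goes in the authorize request."""
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def challenge_matches(verifier: str, challenge: str) -> bool:
    """What the token endpoint does with code_verifier; a stolen code alone is useless without it."""
    return hmac.compare_digest(_b64url(hashlib.sha256(verifier.encode("ascii")).digest()), challenge)


def build_authorize_url(client_id, redirect_uri, scopes, state, code_challenge):
    """Step 1: send the browser here. scopes are Connected App OAuth scopes, e.g. api, refresh_token."""
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": " ".join(scopes), "state": state,
              "code_challenge": code_challenge, "code_challenge_method": "S256"}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(callback_url, expected_state, client_id, redirect_uri, code_verifier):
    """Step 2: validate the redirect back to redirect_uri and build the POST body for TOKEN_URL.
    A confidential client adds client_secret; a public client relies on code_verifier alone."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise RuntimeError(f"authorize failed: {qs['error'][0]} {qs.get('error_description', [''])[0]}")
    if not hmac.compare_digest(qs.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: possible login CSRF, discard this callback")
    return {"grant_type": "authorization_code", "code": qs["code"][0], "client_id": client_id,
            "redirect_uri": redirect_uri, "code_verifier": code_verifier}


def refresh_request(refresh_token, client_id):
    """Salesforce token responses carry no expires_in: the access token lives as long as the
    session timeout allows, so refresh when an API call answers 401 INVALID_SESSION_ID."""
    return {"grant_type": "refresh_token", "refresh_token": refresh_token, "client_id": client_id}


def token_response_signature(identity_url: str, issued_at: str, client_secret: str) -> str:
    """Salesforce signs id + issued_at with HMAC-SHA256 keyed by the consumer secret (base64)."""
    mac = hmac.new(client_secret.encode(), (identity_url + issued_at).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_token_response(resp: dict, client_secret: str) -> bool:
    """Reject a token response whose identity URL or issue time was altered in transit."""
    expected = token_response_signature(resp["id"], resp["issued_at"], client_secret)
    return hmac.compare_digest(expected, resp["signature"])


# Constructed token response; the signature is computed here with a constructed secret.
CLIENT_SECRET = "constructed-consumer-secret"
IDENTITY_URL = "https://login.salesforce.com/id/00Dxx0000000001EAA/005xx000001SvOgAAK"
SAMPLE_TOKEN_RESPONSE = {
    "access_token": "constructed-access-token", "refresh_token": "constructed-refresh-token",
    "instance_url": MY_DOMAIN, "id": IDENTITY_URL, "token_type": "Bearer",
    "issued_at": "1714564860000",
    "signature": token_response_signature(IDENTITY_URL, "1714564860000", CLIENT_SECRET),
}

if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("3MVG9constructed", "https://app.example.com/cb", ["api", "refresh_token"], state, challenge))
    print(verify_token_response(SAMPLE_TOKEN_RESPONSE, CLIENT_SECRET))
```

Which flow to pick follows from who holds the secret: the web server flow above suits a server that can keep the consumer secret; a JWT Bearer flow replaces the user login with an assertion signed by a certificate uploaded to the Connected App and needs the app pre-authorized; the user-agent flow is for clients that can keep neither a secret nor a private key.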
ACCESS MANAGEMENT BEST PRACTICES 12%
- Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.
- Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.
- Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (e.g., High Assurance Sessions, 2FA, etc.).
SALESFORCE IDENTITY 8%
- Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.
- Describe the role(s) Identity Connect plays in an Identity Management solution.
COMMUNITY (PARTNER AND CUSTOMER) 7%
- Describe the capabilities for customizing the registration experience for external communities (e.g., branding options, self-registration, communications, etc.).
Identity Terminology Cheat Sheet
# | One Term | That's Easily Confused with This Term
---|---|---
1 | Authentication establishes who a person is. In everyday usage, "authentication" is often used loosely as shorthand for both authentication and authorization. | Authorization determines what an authenticated person is allowed to do.
2 | Protocol specifies the set of rules that let systems exchange information. The terms protocol and standard are often used interchangeably. | Standard is a specification, a set of industry practices that vendors agree to support. A standard often contains a protocol that specifies how vendors implement it.
3 | Username and password are what a user supplies to log in to a system. | Credentials is the broader term: a username and password are one kind of credential, but certificates, tokens, and one-time codes are credentials too.
4 | Single sign-on (SSO) lets a person log in once and access other apps and services without logging in again. | Social sign-on lets a person log in to an app with the credentials of a social account such as Google. The app accepts the Google login, so the user does not have to create another account and password.
5 | Identity provider is a trusted service that authenticates users so they can access other websites and services without logging in again. | Service provider is a website or service that hosts apps and accepts identity from an identity provider.
Delegated authentication offers the following benefits.
- Uses a stronger form of user authentication, such as integration with a secure identity provider
- Makes your login page private and accessible only behind a corporate firewall
- Differentiates your org from all other companies that use Salesforce to reduce phishing attacks
The trade-off is that Salesforce forwards the username and password the user typed to the web service you host, so that endpoint must be reachable over TLS, hardened, and highly available: if it is down or slow, every user whose profile has delegated authentication enabled is locked out, and a compromised endpoint sees plaintext credentials.
Benefits of SSO
- Reduced administrative costs
- Leverage existing investment
- Time savings
- Increased user adoption
- Increased security
Benefits of Just-in-Time Provisioning
- Reduced Administrative Costs
- Increased User Adoption
- Increased Security
Resource
Digging Deeper into OAuth 2.0 in Salesforce
Configure SSO Across Multiple Salesforce Orgs
Dictionary: Salesforce Certified Identity & Access Management Designer
How to Prepare For and PASS Identity and Access Management Designer Exam
Salesforce Certified Identity and Access Management Designer Exam Tips