Salesforce Certified Identity and Access Management Architect practice exam

Salesforce Identity and Access Management Architect exam sections

Below are all the sections, which will be tested during the exam.

A candidate should have a hands-on experience and deep understanding of the following areas.

Identity Management Concepts: 17%

• Describe common authentication patterns and understand the differences between each one.
• Describe the building blocks that are part of an identity solution (authentication, authorization, & accountability) and how you enable those building blocks using Salesforce features.
• Describe how trust is established between two systems.
• Given a scenario, recommend the appropriate method for provisioning users in Salesforce.
• Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on solution (SAML, OAuth, etc.).

Accepting Third-Party Identity in Salesforce: 21%

• Given a use case, describe when Salesforce is used as a Service Provider.
• Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios.
• Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept 3rd Party Identity (Enterprise Directory, Social, Community, etc.).
• Given a scenario, identify the ways that users can be provisioned in Salesforce to enable SSO and apply access rights.
• Given a scenario, identify the auditing and monitoring approaches available on the platform, and describe the tools that are available to diagnose IdP issues.

Salesforce as an Identity Provider: 17%

• Given a scenario, identify the most appropriate OAuth flow (Web based, JWT, User agent, Device auth flow).
• Given a scenario, recommend appropriate Scope and Configuration of the connected App for Authorization.
• Describe the various implementation concepts of OAuth (scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
• Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the 3rd party system. (Canvas, Connected Apps, App Launcher, etc.).

Access Management Best Practices: 15%

• Given a set of requirements, determine the most appropriate methods of multi-factor authentication to use, and the right type of session they should yield.
• Given a scenario, how should you best assign roles, profiles, and permission sets to a user during the SSO process, how would you keep these assignments up to date.
• Given a scenario, describe what tools you can apply to audit and verify the activity/user during and after login.
• Given a scenario, identify the configuration settings for a Connected app.

Salesforce Identity: 12%

• Given a set of requirements, identify the role Identity Connect product plays in a Salesforce Identity implementation.
• Given a scenario identify if Salesforce Customer 360 Identity fits into a fully developed Customer 360 solution.
• Given a set of requirements, recommend the most appropriate Salesforce license type(s).

Community (Partner and Customer): 18%

• Describe the capabilities for customizing the user experience for Experience Cloud (Branding options, authentication options, identity verification self-registration, communications, password reset etc.).
• Given a set of requirements, determine the best way to support external identity providers in communities and leverage the right user/contact model to support community user experience.
• Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses.
• Given a scenario, determine when to use embedded login.

For the reference: Check Salesforce official Exam Guide.