Accepting 3rd party Identity in Salesforce (22%) Flashcards
Universal Containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users.
Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request?
Choose three answers.
A) The web service needs to include Source IP as a method parameter.
B) UC should whitelist all Salesforce IP ranges on their corporate firewall.
C) The return type of the Web service method should be a boolean value.
D) Delegated Authentication is enabled for the System Administrator profile.
E) The web service can be done in either SOAP or REST protocol
A) The web service needs to include Source IP as a method parameter.
B) UC should whitelist all Salesforce IP ranges on their corporate firewall.
C) The return type of the Web service method should be a boolean value.
How does Identity Connect synchronize Salesforce with Active Directory?
A) It syncs Active Directory users from Salesforce users
B) It syncs Salesforce users from Active Directory
C) It syncs Salesforce users from Active Directory and Active Directory users from Salesforce users
D) It syncs Active Directory users from the company’s central database
B) It syncs Salesforce users from Active Directory
How do you determine which users in AD have access to Salesforce?
A) Use filters
B) Create a base context for each branch of the AD tree that contains possible Salesforce users
C) You can’t. Identity Connect maps every AD user to Salesforce
D) A and B
E) B and C
D) A and B
Why would you use transformation scripts with AD and Identity Connect?
A) To transform the AD username to the Salesforce username
B) To map permissions between Salesforce and AD
C) To populate values on the fly
D) A and B
E) A and C
E) A and C
Which statement is correct?
A) You can map an AD profile to a Salesforce profile only
B) You can map an AD role to a Salesforce role only
C) You can map an AD group to a Salesforce profile, permission set, group, and role
D) You can map an AD group to a Salesforce profile, role, and user
C) You can map an AD group to a Salesforce profile, permission set, group, and role
With Identity Connect, can you sync other attributes than those listed under the Attributes tab?
A) Yes. You can add your own attributes for Identity Connect to sync
B) Yes. You can exclude Salesforce attributes from syncs
C) Yes. You can have Identity Connect retrieve attributes from your Salesforce org
D) A and B
E) B and C
E) B and C
Which of the following is true about setting up Identity Connect with multiple orgs?
A) You can set up Identity Connect to manage all production orgs at once
B) You can set up Identity Connect to centralize user data after an acquisition
C) You can set up Identity Connect with a mix of production and sandbox orgs
A) You can set up Identity Connect to manage all production orgs at once
Which of the following is true about a high-availability configuration of Identity Connect?
A) All configuration changes should be made to your primary Identity Connect instance
B) Identity Connect uses the OrientDB to store configuration data
C) High availability is important if you’re using Identity Connect for authentication
D) A and C
E) B and C
D) A and C
Why install Identity Connect in your DMZ rather than your internal network?
A) To use a global catalog when you have two Active Directories
B) To enable users to log in to your corporate network from a customer site without first accessing a VPN
C) To balance the load
D) To protect users who log in to Salesforce with their AD credentials
B) To enable users to log in to your corporate network from a customer site without first accessing a VPN
What does Identity Connect require for user provisioning?
A) LDAP or LDAPS and HTTPS
B) Active Directory installed on-premises
C) Delete access to Active Directory
D) A and B
E) B and C
D) A and B
What does DMZ stand for?
Demilitarized zone. It is a subnetwork that separates your internal network from other untrusted networks, like the Internet
From an Identity Connect perspective you can install it in the DMZ instead of installing it behind the firewall
Describe what Identity Connect is?
It integrates Microsoft Active Directory (AD) with Salesforce.
It is on-premises software that sits behind your firewall and pushes data to Salesforce. It communicates with the AD server over LDAP(S), and it communicates with Salesforce over HTTPS.
You can also use Identity Connect for single sign-on to Salesforce
If you want to disable passwords in Salesforce, what do you need to do?
Contact Salesforce Support to enable Delegated Administration.
Then you can set “Is Single Sign-On Enabled” on the profile of users who won’t have a Salesforce password
In Identity Connect, what is the downside of choosing the Schedule Updates data sync option?
A) It reacts to changes as they occur
B) It makes many more API calls
C) None. You can schedule updates whenever
D) It compares all the data between AD and Salesforce
B) It makes many more API calls
When should you disable Salesforce passwords?
A) Always
B) When Identity Connect is down
C) When you want to keep the Identity Connect login page behind the firewall
D) When you want to require users to use one set of credentials
E) C and D
D) When you want to require users to use one set of credentials