Communities

Question 1

How do you configure SAML for Communities?

Answer 1

Use site URL and org id for multiple SAML implementations.

e.g. Recipient=”https://acme.my.site.com/customers/login?so=00DD0000000JsCM”

Question 2

What OAuth flows are supported for Communities?

Answer 2

All flows except Username-Password & SAML assertion

Question 3

How is the token passed for OAuth flow in Communities?

Answer 3

As a bearer token in Authorization Header
e.g.
https://site.force.com/customers/services/data/v32.0/ -H
“Authorization: Bearer
00D50000000IehZ!AQcAQH0dMHZfz972Szmpkb58urFRkgeBGsxL_QJWwYMfAbUeeG7c1E6
LYUfiDUkWe6H34r1AAwOR8B8fLEz6n04NPGRrq0FM”

Question 4

What is the authorize url for Communities in an OAuth flow?

Answer 4

https://acme.my.site.com/customers/services/oauth2/authorize?

Question 5

What is the URL after the app is authorized in an OAUth flow?

Answer 5

https://acme.my.site.com/customers/services/oauth2/token

Question 6

What are components of guest user access in Communities?

Answer 6

Guest users get a guest user record and profile

Question 7

What is external org access set to for Guest Users?

Answer 7

Private

Question 8

What are limitations of guest users?

Answer 8

1. Can’t have more than Read Access
2. Can’t be members of Public Groups or Queues
3. Can’t get access to records via Manual or Apex Sharing
4. Can’t have View All or Modify All access to objects
5. Can’t be owner for new records (goes to default owner) or existing records

Question 9

What kind of Community user can a Non-partner or Person Account create?

Answer 9

Only Customer Community users

Question 10

What permission do Salesforce license holders need to create external users?

Answer 10

Manage External Users

Question 11

What permission do Partner & Customer community users need to create external users?

Answer 11

Delegated External User Administration

Question 12

What does Salesforce do when a user self registers on a community?

Answer 12

Creates a Contact & User record

Question 13

What is the name of the controller for self registration?

Answer 13

CommunitiesSelfRegController

Question 14

What are page options for self registration

Answer 14

1. Default page
2. Configurable self reg page - can use any identifier (e.g. phone number)
3. Experience Builder page - can customise look & feel but requires username & password
4. VF page - full control - can use CommunitiesSelfReg

Question 15

What are the methods you need to use in Apex to create Community users?

Answer 15

1. CreatePortalUser
2. CreateExternalUser
3. CreatePersonAccountPortalUser

Question 16

What records can be created with JIT provisioning over SAML?

Answer 16

User, Contact & Account

Question 17

In which part of the SAML assertion is information for JIT provisioning sent?

Answer 17

saml:Attribute

Question 18

Where do you enable JIT provisioning in Salesforce

Answer 18

Single Sign On settings - ‘User Provisioning Enabled’

Question 19

What are the mandatory values you need to set for JIT provisioning?

Answer 19

SAML UserID Type = ‘Federation ID’

SAML Subject NameID = FederationID

Question 20

What are the fields you can send on Account for JIT provisioning?

Answer 20

1. Name (must be unique)
2. AccountNumber (must be unique)
3. Owner

Question 21

What are the fields you can send on Contact for JIT provisioning?

Answer 21

1. LastName

2. Email

Question 22

What are the field you can send on User for JIT provisioning?

Answer 22

1. LastName
2. Email
3. Username
4. ProfileID
5. PortalRole

Question 23

What is the process sequence for JIT provisioning?

Answer 23

1. Find user with matching FederationID
2. Search all contacts for match on email
3. Search all accounts for match on account name or account number
4. if no match at any of the steps above, SF creates account, contact & user

Question 24

What are the ways of authenticating into a Community?

Answer 24

1. Salesforce Identity
2. Social Sign On using OpenID Connect
3. Federated authentication using SAML
4. Delegated authentication using Identity Connect

Question 25

What can be branded in Community login pages?

Answer 25

1. Logos
2. Background color
3. Right frame URL content
4. Footer

Question 26

How do dynamic URL’s work?

Answer 26

By replacing the {expid} experience ID parameter

Question 27

What is login discovery?

Answer 27

Allows use of other identifiers (such as phone) instead of username in login process. Salesforce requires vertification code sent in the next screen to match

Question 28

Can you use login discovery with allow users to log in directly to the site?

Answer 28

No

Question 29

How do you enable self registration for Person Accounts in a customer community

Answer 29

1. Give access to self registration page to both person and business account record types
2. Under Administration - Login & Registration, make sure Account field is empty

Question 30

What pages can be customised in a Community authentication flow?

Answer 30

1. Login
2. Forgot Password
3. Self Registration
4. Logout

Question 31

What can you customise in the Login process for Communities

Answer 31

1. Controller i.e. logic

2. VF Page - UI

Question 32

How do you make custom pages and classes available for login configuration in Communities?

Answer 32

1. Go to Workspaces - Administration - Pages
2. Select ‘Go to Force.com’
3. Select ‘Public Access Settings’
4. Select ‘Enabled VisualForce Page Access’
5. Select ‘Enabled Apex Classes’

Question 33

For passwordless login, what method do you call to login users without a password?

Answer 33

site.passwordlesslogin

Question 34

For passwordless login, How do you register & de-register users in Apex if Salesforce is handling the verification?

Answer 34

UserManagement.registerVerificationMethod

UserManagement.deregisterVerificationMethod

Question 35

For passwordless login, what are the methods available if you are handling the full verification process?

Answer 35

1. initSelfRegistrationandverifySelfRegistration
2. initPasswordlessLoginandverifyPasswordlessLogin
3. initRegisterVerificationMethodandverifyRegisterVerificationMethod

Question 36

What are the steps required to enable Embedded Login?

Answer 36

1. Enable cross-domain resource sharing.
2. Create Embedded Login Connected App
3. Enable Embedded Login on Web page
4. Write Login & Logout functions
5. Handle the callback

Question 37

How do you set up CORS in SF?

Answer 37

Setup -> CORS -> New

Question 38

What does CORS do?

Answer 38

Enable cross-origin request by populating the Access-Control-Allow-Origin header

Question 39

What are the 2 types of callback supported for embedded login?

Answer 39

1. Client side - web page that receives the token

2. Server side - uses web server OAuth flow

Question 40

How can you monitor access into the SF org?

Answer 40

1. Identity → Login History
2. Identity → Identity Verification History
3. Identity → Identity Provider Event Log (where SF is IDP)
4. Mobile Device tracking (UserDevice and UserDeviceApplication objects)