Exam 1 Flashcards

1
Q

Cosmic Service Solutions has enabled My Domain and integrated Salesforce with an external identity provider. The company wants to ensure users can only use Single Sign-On (SSO) to log in to Salesforce. Which steps should an architect recommend to meet this requirement?
Choose 3 answers.

A

Select “Prevent login from https://login.salesforce.com” on the My Domain page in Salesforce Setup. Assign the “Is Single Sign-On Enabled” permission to users who should use Single Sign-On to log in. Select “Disable login with Salesforce credentials” on the Single Sign-On Settings page in Salesforce Setup.

2
Q

A Salesforce administrator is setting up SAML Single Sign-On (SSO) using an external identity provider. However, the login history shows intermittent ‘Replay Detected’ and ‘Assertion Invalid’ login errors during testing. Which of the following issues are most likely causing these errors?
Choose 2 answers.

A

The <Subject> element is missing from the SAML assertion. Salesforce detected an assertion ID that was previously used.

3
Q

Cosmic Harmony is a digital music services provider that uses Active Directory (AD) as its corporate identity provider and Salesforce as its CRM. When a new employee logs in to Salesforce using SAML Single Sign-On (SSO), it would like to automatically create a new user record in Salesforce, assigning them to a profile that maps to their Active Directory department. Which method in the SAML JIT handler class should be used to meet this requirement?
Choose 1 answer.

A

createUser

4
Q

Cosmic Digital Solutions has an existing web application that is used for HR management. Users should be able to access the application from Salesforce without re-authentication. If required, the IT team can add new JavaScript code and/or libraries to the application. Which of the following should an identity architect recommend for this requirement?
Choose 1 answer.

A

Canvas App and Signed Requests

5
Q

A Salesforce administrator has been assigned to set up SAML Single Sign-On (SSO) using an external identity provider. The administrator has configured the SAML settings for SSO in Salesforce but needs assistance with Just-In-Time (JIT) provisioning of users. Users must be provisioned in Salesforce based on various custom fields defined on the User object. What should an identity architect recommend to configure JIT provisioning for this requirement?
Choose 3 answers.

A

Enable user provisioning in the Single Sign-On (SSO) setting. Select the User Provisioning Type. Create a custom SAML JIT handler.

6
Q

Cosmic Electronics is building an Experience Cloud site for its partners and would like to enable self-registration for the site. The self-registration form should capture custom data elements from partner users. Based on the data provided by a partner, the partner should be assigned to an appropriate profile, and field values should be auto-populated on the partner account. Also, users should receive a different site experience based on the data provided during self-registration. What should the company’s Salesforce architect recommend to meet these requirements?
Choose 2 answers.

A

Build a custom Visualforce page for self-registration and modify the CommunitiesSelfRegController to assign the profile and account field values. Create page variations for site pages using specific Contact and User fields for dynamic site experiences.

7
Q

Cosmic Data Solutions (NDS) uses a SAML-based identity provider (IdP) to authenticate employees to multiple enterprise systems, such as an ERP system. The IdP authenticates them against a Lightweight Directory Access Protocol (LDAP) directory. Only a small percentage of employees require access to Salesforce. The company wants to ensure new employees have immediate access to Salesforce using the existing IdP. Which of the following should an identity architect recommend for this requirement?
Choose 1 answer.

A

Just-In-Time (JIT) Provisioning

8
Q

A developer at Cosmic Electronics is building a custom web service that will allow secure access to product data stored in Salesforce. The web service will use a connected app and the OAuth 2.0 web server flow. Which of the following represents the correct sequence of steps in the OAuth flow?
Choose 1 answer.

A

The web service requests an authorization code, the user authenticates and authorizes access, Salesforce grants an authorization code, the web service requests an access token, and Salesforce grants an access token.

9
Q

Cosmic Software Solutions wants to use Salesforce as the identity provider for certain external applications, such as a project management tool. The Technology Director would like to use the App Launcher in Salesforce to control the applications available to individual users. What steps should an identity architect recommend to meet this requirement?
Choose 3 answers.

A

Create a connected app for each external application. Specify the Start URL in each connected app to add it to the App Launcher. Set up Salesforce as a SAML identity provider (IdP).

10
Q

Cosmic Electronics employees use a custom helpdesk application to request and track access to various enterprise systems and cloud applications, including Salesforce. The company wants to provision Salesforce users as soon as they are approved in the helpdesk application. A new user should be automatically assigned to the appropriate profile, role, and permission sets. What solution should an identity architect recommend to meet this requirement?
Choose 1 answer.

A

Build an integration based on SCIM (System for Cross-Domain Identity Management) and Salesforce REST API.

11
Q

Cosmic Solutions is a multinational company with more than 30 sub-brands. It is building an Experience Cloud site for its customers. The brand experience must be different for each sub-brand, and each of these branded experiences must utilize a unique login experience, depending on which sub-brand a customer is logging into. What recommendations should an identity architect provide for implementing dynamic branding features for the site’s login process?
Choose 2 answers.

A

To dynamically brand the login experience, each sub-brand must be assigned a unique Experience ID (expid). The login implementation must set the login URL according to the value of the Experience ID.

12
Q

Cosmic Footwear has built an Experience Cloud site for customers and partners. It is implementing a mobile-first Consumer Identity and Access Management (CIAM) solution for external users. The solution requires only user authentication. The user’s email or mobile phone number should be supported as a username. Which licenses should an identity architect recommend to meet this requirement?
Choose 1 answer.

A

External Identity and Identity Verification Credits

13
Q

Cosmic Emporium is a major furniture manufacturer in the United States. The company is building a digital space using Experience Cloud to allow its B2B customers to design custom products. It would like to simplify the login process by allowing customers to use their social media credentials to register and access the digital space. It wants to implement social sign-on for Facebook, Twitter, Amazon, and a social media service that supports only the OAuth protocol. What recommendations should the company’s Salesforce architect make for this requirement?
Choose 3 answers.

A

An OpenID Connect authentication provider should be configured for Amazon. A custom authentication provider should be created for the service that supports only the OAuth protocol. Apex coding skills are required for custom registration handlers to create and update users automatically.

14
Q

Cosmic Data Solutions uses a SAML-based Lightweight Directory Access Protocol (LDAP) directory for user management. When a company’s employee is terminated, they are first disabled in the LDAP directory. Requests for user deactivations are then sent to various applications and systems. However, a terminated employee who was recently disabled in the LDAP directory was able to log in to Salesforce two days after termination. What should an architect recommend to prevent this from happening in the future?
Choose 2 answers.

A

Define a SAML Single Sign-On Setting for the LDAP directory in Salesforce. Disable Login Form authentication on the My Domain page in Setup.

15
Q

Cosmic Electronics has set up an Experience Cloud site that allows customers to access order data. The company would like to enable them to log in with their Facebook or LinkedIn credentials. What should an identity architect recommend for this requirement?
Choose 1 answer.

A

Set up Salesforce as a service provider by configuring predefined authentication providers for Facebook and LinkedIn.

16
Q

Cosmic Solutions has integrated Google Workspace with Salesforce by defining a connected app. It would like to implement automation to enable, disable, freeze, suspend, and reactivate existing users in Google Workspace based on similar actions in Salesforce. Users should be automatically provisioned via a service endpoint before they can access Google Workspace tools from Salesforce. What should be recommended to meet this requirement?
Choose 1 answer.

A

Configure User Provisioning for the connected app.