Salesforce Certified Identity and Access Management
Questions With Complete Solutions
Access Tokens Correct Answer - Are a type of OAuth token; in Salesforce the access token doubles as the Session ID
- Are used to make authenticated API requests on behalf of the user
- Have a longer lifetime than authorisation codes
- Must be protected from interception, so they are only ever sent over Transport Layer Security (TLS)
After identity verification is successful, the user doesn't have to
verify identity again from that browser or app, unless the user:
Correct Answer - Manually clears browser cookies, sets the
browser to delete cookies, or browses in private or incognito
mode
- Deselects "Don't ask again" on the identity verification page
Asset Token Flows Correct Answer are used to request an asset
token from Salesforce for connected devices
Authentication providers (for single sign-on) Correct Answer - allow users to log in to Salesforce using login credentials from an external service provider
- allow users to log in from any OpenID Connect provider, such as Facebook
- do not validate passwords; they rely on the external service provider to authenticate the user and accept its result
Authorisation Codes Correct Answer - Are a type of OAuth
token that authorise access for a very short amount of time
- Are generated by Salesforce and passed to the client app via
the browser
- Are passed from the client App to the Authorisation Server in
exchange for an access / refresh token
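The web server flow the two cards above describe, as an added example that is not part of the original notes and not Salesforce's own code: the client app builds the authorize URL, receives the short-lived code via the browser, checks it, exchanges it server-side for the access/refresh token, and only ever sends the access token over TLS. The org domain, connected-app key and secret, and redirect URI are constructed placeholders; the two endpoint paths are Salesforce's standard OAuth 2.0 endpoints.

```python
"""Client side of the OAuth 2.0 web server (authorization code) flow, as an
added illustration (not code from Salesforce or from these notes).
/services/oauth2/authorize and /services/oauth2/token are Salesforce's
standard endpoints; the My Domain host, connected-app key/secret and
redirect URI are constructed placeholders."""
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

MY_DOMAIN = "https://example.my.salesforce.com"         # placeholder org domain
CLIENT_ID = "constructed-consumer-key"                   # placeholder connected-app key
CLIENT_SECRET = "constructed-consumer-secret"            # placeholder; never ships to the browser
REDIRECT_URI = "https://app.example.com/oauth/callback"  # placeholder callback


def new_state() -> str:
    """Unpredictable per-login value; bind it to the user's session server-side."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str) -> str:
    """Step 1: the browser is sent here. Salesforce authenticates the user and
    redirects back to REDIRECT_URI carrying a short-lived authorization code."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return f"{MY_DOMAIN}/services/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: the code arrives via the browser. Accept it only over TLS, at
    our own redirect URI, and with the state we issued (anti-CSRF)."""
    parts = urlsplit(callback_url)
    if parts.scheme != "https":
        raise ValueError("callback must arrive over TLS")
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected redirect URI")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    received_state = query.get("state", [""])[0]
    if not secrets.compare_digest(received_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    codes = query.get("code")
    if not codes:
        raise ValueError("no authorization code in callback")
    return codes[0]


def build_token_request(code: str):
    """Step 3: the client app (server side, not the browser) POSTs the code to
    the token endpoint and gets back the access token (session ID) and, if the
    connected app allows it, a refresh token. Returns (url, form fields)."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,
    }
    return f"{MY_DOMAIN}/services/oauth2/token", form


def bearer_headers(api_url: str, access_token: str) -> dict:
    """Step 4: API calls on the user's behalf carry the access token. Refuse
    to attach it to anything but an https URL so it cannot be intercepted."""
    if urlsplit(api_url).scheme != "https":
        raise ValueError("refusing to send an access token over plaintext HTTP")
    return {"Authorization": f"Bearer {access_token}"}
```

The code exchange in step 3 happens from the client app's backend, which is why the client secret never appears in the authorize URL; the browser only ever sees the code and the state.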
Benefits of SSO Correct Answer - Reduced admin costs
- Leverage existing investments by delegating authentication to
LDAP and others
- Time savings - Saves users time that would otherwise be spent
logging in
- Increased user adoption - users are more likely to use a system
that is easy to access
- Increased security - Corporate network policies are applied to
Salesforce, and sending a temporary credential is more secure
for users who access sensitive data
Best practices and considerations for implementing Delegated
Authentication SSO Correct Answer - deploy the web service
on a server in your DMZ (de-militarised zone)
- If Salesforce and your system can't connect, or if the request takes longer than 10 seconds to process, the login attempt fails and the user gets an error.
- Namespaces, element names and capitalisations must be exact
for SOAP requests
- Wherever possible, generate your server stub from the WSDL
file to ensure accuracy.
- Make your web service available only through TLS. A certificate from a trusted provider is required, and the credentials Salesforce forwards to your service are not exposed in transit.
- Implement trusted IP ranges to restrict access to Salesforce via
the user's location
- You might need to map your org's internal usernames to your
Salesforce usernames. If your org doesn't follow a standard
mapping, try extending your user database schema (for example,
Active Directory) to include the Salesforce username as an
attribute of a user account.
- Don't enable SSO for Salesforce administrators. If your SSO server goes down, admins still need to be able to log in with their Salesforce password in order to disable SSO and resolve the problem.
- Build in a developer edition or sandbox first, and test with
Salesforce clients, such as Salesforce for Outlook, Connect for
Office, and Connect Offline
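A minimal delegated-authentication web service in the shape this card describes, added here as an illustration (not Salesforce's code and not from the original notes). Salesforce calls the service with a SOAP Authenticate request carrying username, password and sourceIp, and expects an Authenticated true/false back. The element names and the urn:authentication.soap.sforce.com namespace are taken from the AuthenticationService WSDL as I recall it, so treat them as an assumption and generate your real stub from the WSDL downloaded from your org, as the card advises. The credential store and the trusted IP range are constructed test data.

```python
"""A minimal delegated-authentication web service for Salesforce, added here
as an illustration (not Salesforce's own code or these notes'). Salesforce
calls this service with a SOAP Authenticate request; the element names and
the urn:authentication.soap.sforce.com namespace follow the
AuthenticationService WSDL as I recall it (assumption), so generate your real
stub from the WSDL downloaded from your org. The credential store and the
trusted IP range are constructed test data."""
import hashlib
import hmac
import ipaddress
import xml.etree.ElementTree as ET

NS = "urn:authentication.soap.sforce.com"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

_SALT = b"constructed-salt"   # a real service uses a per-user random salt


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


# Constructed store: Salesforce username -> password hash. Salesforce sends the
# Salesforce username, so map it to your internal account here if they differ.
USERS = {"alice@example.com": _hash("correct horse battery staple")}
_DUMMY = _hash("unknown-user-placeholder")   # compared for unknown users so timing matches

# Constructed trusted source range; Salesforce forwards the user's IP as sourceIp.
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]


def parse_authenticate(body: bytes) -> dict:
    """Strict parse: wrong namespace, wrong case or a missing element is a
    failure, because Salesforce's request uses exactly these names."""
    root = ET.fromstring(body)
    req = root.find(f"{{{SOAP}}}Body/{{{NS}}}Authenticate")
    if req is None:
        raise ValueError("no Authenticate element in the expected namespace")
    fields = {}
    for name in ("username", "password", "sourceIp"):
        el = req.find(f"{{{NS}}}{name}")
        if el is None or not el.text:
            raise ValueError(f"missing {name}")
        fields[name] = el.text
    return fields


def authenticate(username: str, password: str, source_ip: str) -> bool:
    """True only when the password matches and the request originates from a
    trusted range. Constant-time compare, plus a dummy hash for unknown users,
    so response time does not reveal which usernames exist."""
    stored = USERS.get(username, _DUMMY)
    password_ok = hmac.compare_digest(stored, _hash(password)) and username in USERS
    ip_ok = any(ipaddress.ip_address(source_ip) in net for net in TRUSTED)
    return password_ok and ip_ok


def handle_request(body: bytes) -> bytes:
    """Returns the SOAP response Salesforce expects. Any malformed input is
    reported as a failed login rather than as a fault that leaks internals.
    Keep the whole handler well under Salesforce's 10-second limit."""
    try:
        req = parse_authenticate(body)
        ok = authenticate(req["username"], req["password"], req["sourceIp"])
    except (ValueError, ET.ParseError):
        ok = False
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body>'
        f'<AuthenticateResult xmlns="{NS}"><Authenticated>'
        f'{"true" if ok else "false"}'
        "</Authenticated></AuthenticateResult></soapenv:Body></soapenv:Envelope>"
    ).encode()


# Constructed request in the shape Salesforce sends.
SAMPLE_REQUEST = f"""<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:urn="{NS}">
  <soapenv:Body>
    <urn:Authenticate>
      <urn:username>alice@example.com</urn:username>
      <urn:password>correct horse battery staple</urn:password>
      <urn:sourceIp>203.0.113.7</urn:sourceIp>
    </urn:Authenticate>
  </soapenv:Body>
</soapenv:Envelope>""".encode()
```

Serve handle_request behind an HTTPS listener in the DMZ; the sourceIp check is the service-side complement of the trusted IP ranges configured in Salesforce, and the time-equalised password check matters because this endpoint is reachable from the internet.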
Best practices and considerations for implementing Federated Authentication SSO Correct Answer - Enter the Salesforce login URL from the Single Sign On Settings configuration page into the corresponding configuration parameter of your identity provider. Sometimes, the setting is called the recipient URL.
- Salesforce allows a maximum of 3 minutes for clock skew
with your IDP server. Make sure that your server's clock is up to
date.
- If you can't log in with SAML assertion, check the login
history and note the error message. Use the SAML Assertion
Validator on the Single Sign On Settings configuration page to
troubleshoot.
- Map your org's internal usernames to Salesforce usernames using the Federation ID field of each Salesforce user.
- you can extend your user database schema (for example,
Active Directory) to include the Salesforce username as an
attribute of a user account.
- Before allowing users to log in with SAML assertions, enable
the SAML org preference and provide the necessary
configurations.
- Use the My Domain feature to prevent users from logging in to
Salesforce directly, and give admins more control over login
policies.
- Test in a developer edition or sandbox first
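Two of the checks from this card worked through in code, as an added example that is not part of the original notes and not Salesforce's own implementation: the 3-minute clock-skew tolerance applied to a SAML assertion's NotBefore and NotOnOrAfter conditions, and the mapping of the assertion's NameID to a Salesforce user through the Federation ID. The assertion's XML signature must already have been verified by an XML-DSig library before any of this is trusted; that step is not shown. The assertion, the mapping table and the IdP host are constructed; the Audience value is the default Entity ID that Salesforce shows in SSO settings, an assumption to replace with your org's value if you changed it.

```python
"""Two of the federated-SSO checks above, as an added illustration (not
Salesforce's code or these notes'): the 3-minute clock-skew tolerance on a
SAML assertion's Conditions, and mapping the assertion's NameID to a
Salesforce user through the Federation ID. The XML signature must already
have been verified (XML-DSig library, not shown) before anything here is
trusted. The assertion, the mapping table and the IdP host are constructed;
the Audience value is assumed to be the default Entity ID."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
CLOCK_SKEW = timedelta(minutes=3)           # Salesforce's documented tolerance
AUDIENCE = "https://saml.salesforce.com"    # default Entity ID; assumption, see lead-in

# Constructed mapping: value carried in NameID -> Salesforce username, i.e. what
# the Federation ID field on each User record provides in a real org.
FEDERATION_IDS = {"alice.corp": "alice@example.com"}


def parse_time(text: str) -> datetime:
    """SAML timestamps are UTC ISO 8601 ('2024-05-01T12:00:00Z', optionally with
    fractional seconds); normalise to an aware UTC datetime."""
    core = text.rstrip("Z").split(".")[0]
    return datetime.strptime(core, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_conditions(assertion: ET.Element, now: datetime) -> None:
    """Enforce NotBefore / NotOnOrAfter with the skew allowance, and the
    AudienceRestriction, so an assertion minted for another SP is refused."""
    cond = assertion.find(f"{{{SAML}}}Conditions")
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and now < parse_time(not_before) - CLOCK_SKEW:
        raise ValueError("assertion not yet valid, even allowing 3 minutes of skew")
    if not_on_or_after and now >= parse_time(not_on_or_after) + CLOCK_SKEW:
        raise ValueError("assertion expired, even allowing 3 minutes of skew")
    audiences = [a.text for a in cond.iter(f"{{{SAML}}}Audience")]
    if audiences and AUDIENCE not in audiences:
        raise ValueError("assertion is not addressed to this service provider")


def resolve_user(assertion_xml: bytes, now: datetime) -> str:
    """Return the Salesforce username this assertion logs in, or raise."""
    root = ET.fromstring(assertion_xml)
    tag = f"{{{SAML}}}Assertion"
    assertion = root if root.tag == tag else root.find(f".//{tag}")
    if assertion is None:
        raise ValueError("no SAML 2.0 Assertion found")
    check_conditions(assertion, now)
    name_id = assertion.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if name_id is None or not name_id.text:
        raise ValueError("assertion has no Subject/NameID")
    federation_id = name_id.text.strip()
    user = FEDERATION_IDS.get(federation_id)
    if user is None:
        # The case the notes send you to Login History for: the assertion
        # verified, but no user record carries that Federation ID.
        raise ValueError(f"no Salesforce user with Federation ID {federation_id!r}")
    return user


# Constructed assertion (signature element omitted; see lead-in).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_constructed1"
    Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice.corp</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://saml.salesforce.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>""".encode()
```

With the constructed assertion valid from 12:00 to 12:05, a clock reading 11:58 or 12:07:30 is still accepted under the 3-minute allowance, while 11:56 or 12:08 is rejected; a NameID with no matching Federation ID fails after the time checks pass, which is the symptom to look for in Login History.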