An Architect has successfully configured SAML-based SSO for Universal Containers. SSO has been working for 3 months when Universal Containers manually adds a batch of new users to Salesforce. The new users receive an error from Salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access Salesforce.
What is the likely cause of this behavior?

• A.The new users do NOT have the SSO permission enabled on their profiles.
• B.The My Domain capability is NOT enabled on the new user's profile.
• C.The administrator forgot to reset the new user's Salesforce password.
• D.The Federation ID field on the new User records is NOT correctly set.

Comment: *

Name: *

Email: *

Verification: *

Northern Trail Outfitters (NTO) employees use a custom on-premise helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users.
How should NTO provision Salesforce users as soon as they are approved in the helpdesk application with the approved profiles and permission sets?

• A.Use a login flow to query the helpdesk to validate user status.
• B.Have the helpdesk initiate an IdP-initiated Just-m-Time provisioning Security Assertion Markup Language flow.
• C.Use Salesforce Connect to integrate with the helpdesk application.
• D.Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.

Comment: *

Name: *

Email: *

Verification: *

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when NOT connected to an internal company network?

• A.Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
• B.Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
• C.Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
• D.Add the company's list of network IP addresses to the Login Range list under 2FA Setup.

Comment: *

Name: *

Email: *

Verification: *

Ttie executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.
What should be used and considered before recommending it as a solution on the Salesforce Platform?

• A.Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
• B.Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
• C.Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
• D.OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement?
Choose 2 answers

• A.Salesforce Identity Connect
• B.Salesforce Trigger & Field on Contact Object
• C.Active Directory Password Sync Plugin
• D.Configure Cloud Provider Load Balancer

Comment: *

Name: *

Email: *

Verification: *