architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

• A.The Issuer Certificate from the Identity Provider expired two weeks ago.
• B.The clock on the Identity Provider server is twenty minutes behind Salesforce.
• C.The default language for the Identity Provider and Salesforce are Different.
• D.The Identity Provider is also used to SSO into five other applications.

Comment: *

Name: *

Email: *

Verification: *

A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

• A.OpenID Connect
• B.JWT Bearer Token Flow
• C.User Agent Flow
• D.Web Server Flow

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers

• A.Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.
• B.Use Login Flow to bypass IP range restriction for the mobile app.
• C.Remove existing restrictions on IP ranges for all types of user access.
• D.Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity.
Which Salesforce license should UC utilize to implement this use case?

• A.External Identity
• B.Partner Community
• C.Salesforce Platform
• D.Identity Only

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) is building an integration between Salesforce and a legacy web applications using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers

• A.Create a registration handler Apex class to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
• B.Utilize Authorization Providers to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
• C.Utilize Canvas OAuth flow to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
• D.Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.

Comment: *

Name: *

Email: *

Verification: *