Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML.
What rote does Salesforce Identity play in its relationship with the enterprise SSO system?

• A.Resource Server
• B.Identity Provider (IdP)
• C.Client Application
• D.Service Provider (SP)

Comment: *

Name: *

Email: *

Verification: *

Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.
What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?

• A.Implement JIT provisioning on the SAML IdP that will pass the ProfileID in each assertion.
• B.Implement Delegated Authentication that will update the user profiles as necessary.
• C.Create an Apex scheduled job in one org that will synchronize the other org's profiles.
• D.Implement an OAuth JWT flow to pass the profile credentials between systems.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers

• A.Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
• B.Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
• C.Utilize the Canvas OAuth flow to allow the third-party application to authenticate itself against Salesfore as the IdP
• D.Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.

Comment: *

Name: *

Email: *

Verification: *

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so.
For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

• A.Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.
• B.Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
• C.Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
• D.Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

Comment: *

Name: *

Email: *

Verification: *

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

• A.Configure a predefined authentication provider for Amazon.
• B.Configure Amazon as a connected app.
• C.Configure an OpenID Connect Authentication Provider for Amazon.
• D.Create a custom external authentication provider for Amazon.

Comment: *

Name: *

Email: *

Verification: *