Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65 set up My Domain for their Salesforce org.
How does that decision impact their SSO implementation?

• A.IdP-initiated SSO will NOT work.
• B.Neither SP- nor IdP-initiated SSO will work.
• C.SP-initiated SSO will NOT work
• D.Either SP- or IdP-initiated SSO will work.

Comment: *

Name: *

Email: *

Verification: *

A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

• A.Use a connected app with user provisioning flow.
• B.Create Canvas app in Salesforce for third-party app to provision users.
• C.Redirect users to the third-party app for registration.
• D.Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?

• A.Use the same SAML Identity location as the first org.
• B.Use a different Entity ID than the first org.
• C.Use the Salesforce Username as the SAML Identity Type.
• D.Use the same request bindings as the first org.

Comment: *

Name: *

Email: *

Verification: *

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?

• A.For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.
• B.Create and assign a permission set to all employees that includes "MFA for User Interface Logins."
• C.Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.
• D.Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

• A.Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.
• B.Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.
• C.Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.
• D.Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

Comment: *

Name: *

Email: *

Verification: *