Salesforce Identity and Access Management Architect Practice Exam

The Salesforce Identity and Access Management (IAM) Architect is responsible for designing and implementing secure, scalable, and efficient identity and access management solutions across Salesforce environments. This role focuses on managing user authentication, authorization, single sign-on (SSO), identity federation, and security protocols to ensure proper access controls and secure user experiences. The architect works to streamline user provisioning, manage external identities, and enforce governance policies while ensuring compliance with data security standards and regulations.
Why is Salesforce Identity and Access Management Architect important?

• Globally recognized certificate
• Makes you more valuable in the growing market for Salesforce IAM professionals
• Boosts your employability in roles related to Salesforce IAM and security
  
• Certifies your knowledge of providing secure access to Salesforce environments with identity and access controls.
• Validates your skills in design and management of SSO (Single Sign-On) and MFA (multi-factor authentication) .
• Focuses on knowledge of identity federation and integration with external systems.
• Verifies your capabilities for compliance with data privacy and security regulations.

Who should take the Salesforce Identity and Access Management Architect Exam?

• Salesforce Identity Architect
• Salesforce Security Architect
• Salesforce Solution Architect
• Salesforce Technical Architect
• IT Security Manager
• Identity and Access Management Specialist
• Salesforce Administrator with a focus on security
• IT Governance Manager

Skills Evaluated

Candidates taking the certification exam on the Salesforce Identity and Access Management Architect is evaluated for the following skills:

• Expertise in Salesforce identity management features like SSO, OAuth, and OpenID Connect.
• Knowledge of identity federation, authentication protocols, and MFA.
• Ability to design secure user access models and manage external identities.
• Proficiency in implementing user provisioning and de-provisioning processes.
• Understanding of role-based access control (RBAC) and permission sets in Salesforce.
• Familiarity with governance and compliance standards related to data security.
• Capability to integrate Salesforce with external identity management systems.

Salesforce Identity and Access Management Architect Certification Course Outline
The Salesforce Identity and Access Management Architect Certification covers the following topics -

1. Identity Management Concepts: 17%

• Describe common authentication patterns and understand the differences between each one.

• Describe the building blocks that are part of an identity solution (authentication, authorization, and accountability) and how you enable those building blocks using Salesforce features.

• Describe how trust is established between two systems.

• Given a scenario, recommend the appropriate method for provisioning users in Salesforce.

• Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on (SSO) solution (SAML, OAuth, etc.).

2. Accepting Third-Party Identity in Salesforce: 21%

• Given a use case, describe when Salesforce is used as a Service Provider (SP).

• Given a scenario, recommend the most appropriate way to provision users from identity stores in business-to-employer (B2E) and business-to-consumer (B2C) scenarios.

• Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept third-party Identity (Enterprise Directory, Social, Community, etc.).

• Given a scenario, identify the ways to provision users in Salesforce to enable SSO and apply access rights.

• Given a scenario, identify the auditing and monitoring approaches available on the platform, and describe the tools available to diagnose Identity Provider (IdP) issues.

3. Salesforce as an Identity Provider: 17%

• Given a scenario, identify the most appropriate OAuth flow (Web-based, JWT, User agent, Device auth flow).

• Given a scenario, recommend appropriate Scope and Configuration of the Connected App for Authorization.

• Describe the various implementation concepts of OAuth (scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).

• Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).

4. Access Management Best Practices: 15%

• Given a set of requirements, determine the most appropriate methods of multi-factor authentication (MFA) to use, and the right type of session they should yield.

• Given a scenario, determine how to best assign roles, profiles, and permission sets to a user during the SSO process, how to keep these assignments up to date.

• Given a scenario, describe which tools you can apply to audit and verify the activity/user during and after login.

• Given a scenario, identify the configuration settings for a Connected App.

5. Salesforce Identity: 12%

• Given a set of requirements, identify the role Identity Connect plays in a Salesforce Identity implementation.

• Given a scenario, identify if Salesforce Customer 360 Identity fits into a fully-developed Customer 360 solution.

• Give a set of requirements, recommend the most appropriate Salesforce license type(s).

6. Community (Partner and Customer): 18%

• Describe the capabilities for customizing the user experience for Experience Cloud (Branding options, authentication options, identity verification self-registration, communications, password reset, etc.).

• Given a set of requirements, determine the best way to support external IdPs in communities and leverage the right user/contact model to support community user experience.

• Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses.

• Given a scenario, determine when to use embedded login.