Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Salesforce
  5. Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Exam Questions
Salesforce Certified Identity and Access Management Architect (Page 8 )

Updated On: 16-Feb-2026
Page 8 of 51
PDF with 248 Questions

Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas
are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to
existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that
a user can be redirected correctly after OAuth authorization?

  1. Redirect_uri
  2. State
  3. Scope
  4. Callback_uri

Answer(s): A



Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

  1. User-Agent
  2. IDP-initiated
  3. Sp-Initiated
  4. Web server

Answer(s): B



Universal Containers (UC) is building an integration between Salesforce and a legacy web applications using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers

  1. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
  2. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the Idp.
  3. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the Idp.
  4. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the Idp.

Answer(s): A,C



Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in salesforce. After the first time the users log in, they must be able to access salesforce upon opening the mobile app without being prompted to log in again. What Oauth flows should be considered to support this requirement?

  1. Web Server flow with a Refresh Token.
  2. Mobile Agent flow with a Bearer Token.
  3. User Agent flow with a Refresh Token.
  4. SAML Assertion flow with a Bearer Token.

Answer(s): C



What item should an Architect consider when designing a Delegated Authentication implementation?

  1. The Web service should be secured with TLS using Salesforce trusted certificates.
  2. The Web service should be able to accept one to four input method parameters.
  3. The web service should use the Salesforce Federation ID to identify the user.
  4. The Web service should implement a custom password decryption method.

Answer(s): A






Post your Comments and Discuss Salesforce Certified Identity and Access Management Architect exam dumps with other Community members:

Join the Certified Identity and Access Management Architect Discussion