Salesforce Certified Identity and Access Management Designer Exam
Certified Identity and Access Management Designer (Page 2)

Updated On: 7-Feb-2026

A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.

Which authentication mechanism should an identity architect recommend to meet the requirements?

  1. OpenID Connect
  2. User Agent Flow
  3. JWT Bearer Token Flow
  4. Web Server Flow

Answer(s): D



Universal Containers (UC) uses an internal company portal for its employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users do not exist in Salesforce, and UC would like the user records created in Salesforce Communities the first time they try to access Salesforce.
What recommendation should an architect make to meet this requirement?

  1. Use on-the-fly provisioning
  2. Use just-in-time provisioning
  3. Use Salesforce APIs to create users on the fly
  4. Use Identity Connect to sync users

Answer(s): B



In an SP-initiated SAML SSO setup, a user tries to access a resource on the Service Provider.
What HTTP parameter should be used when submitting a SAML request to the IdP to ensure the user is returned to the intended resource after authentication?

  1. RedirectURL
  2. RelayState
  3. DisplayState
  4. StartURL

Answer(s): B



Universal Containers (UC) plans to use a SAML-based third-party IdP serving both the Salesforce Partner Community and the corporate portal. UC partners will log in to the corporate portal to access protected resources, including links to Salesforce resources.
What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

  1. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
  2. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
  3. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
  4. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Answer(s): D



Universal Containers (UC) wants to use Salesforce for sales orders and a legacy system for order fulfillment. The legacy system must update the status of orders in Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce.
Which OAuth flow should be considered that does not require storing credentials, a client secret, or refresh tokens?

  1. Web Server flow
  2. JWT Bearer Token flow
  3. Username-Password flow
  4. User Agent flow

Answer(s): B

