A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.

Which authentication mechanism should an identity architect recommend to meet the requirements?

  1. OpenID Connect
  2. User Agent Flow
  3. JWT Bearer Token Flow
  4. Web Server Flow

Answer(s): D

Universal Containers (UC) has built a custom time tracking app for its employees. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?

  1. Identity Verification
  2. Identity Connect
  3. Identity Only
  4. External Identity

Answer(s): C

Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community.
Which two actions should an Architect recommend UC to take?

  1. Use Delegated Authentication to call the Twitter login API to authenticate users.
  2. Configure an Authentication Provider for LinkedIn Social Media Accounts.
  3. Create a Custom Apex Registration Handler to handle new and existing users.
  4. Configure SSO Settings For Facebook to serve as a SAML Identity Provider.

Answer(s): B,C

An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error.
Which two optimal actions should the Architect take to troubleshoot the issue?

  1. Ensure the Callback URL is correctly set in the Connected Apps settings.
  2. Use a browser that has an add-on/extension that can inspect SAML.
  3. Paste the SAML Assertion Validator in Salesforce.
  4. Use the browser's Development tools to view the Salesforce page's markup.

Answer(s): B,C

Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

  1. Trust relationships between Identity Provider and Service Provider are required.
  2. SAML tokens can be in XML or JSON format and can be used interchangeably.
  3. Web applications with no passwords are more secure and stronger against attacks.
  4. Access tokens are used to access resources on the server once the user is authenticated.
  5. Centralized federation provides single point of access, control and auditing.

Answer(s): A,D,E