Universalcontainers (UC) has a classified information system that it's call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with salesforce as the IDP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO.
What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?
- Use a custom connected App handler using apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.
- Use apex trigger on case to dynamically assign permission sets that grant access when a user is assigned with an open "classified" case, and remove it when the case is closed.
- Use custom SAML jit provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system
- Use salesforce reports to identify users that currently owns open "classified" cases and should be granted access to the classified information system.
Display Answer Next Question