Identity and Access Management Designer STUDY GUIDE
IDENTITY MANAGEMENT CONCEPTS 28%
Describe the role(s) an identity provider and service provider play in an access control solution.
Describe common methods for how trust connections are established between two systems and the methodologies used to describe trust between an identity provider and service provider.
Given a scenario, articulate whether it describes an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task.
Given a scenario, recommend the appropriate method for provisioning users in Salesforce and other third-party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.).
Describe the risks to enterprise security that federated Single Sign-on solutions aim to address.
Given a scenario, troubleshoot common points of failure that may be encountered in a Single Sign-on solution (SAML, OAuth, etc.).
ACCEPTING THIRD-PARTY IDENTITY 22%
Describe the components of an identity management solution where Salesforce is accepting identity from a third party.
Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept Third-Party Identity (Enterprise Directory, Social, Community, etc.).
Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init).
Describe the components of a Delegated Authentication solution.
Describe the risks of implementing delegated authentication.
SALESFORCE AS AN IDENTITY PROVIDER 23%
Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a third party (for example, User Agent, Web Server, JWT, etc.).
Describe the various implementation concepts of OAuth (for example, scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.
Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).
ACCESS MANAGEMENT BEST PRACTICES 15%
Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.
Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.
Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (for example, High Assurance Sessions, 2FA, etc.).
SALESFORCE IDENTITY 7%
Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.
Describe the role(s) Identity Connect plays in an Identity Management solution.
COMMUNITY (PARTNER AND CUSTOMER) 5%
Describe the capabilities for customizing the registration experience for external communities (for example, branding options, self-registration, communications, etc.).