Identity-and-Access-Management-Designer Salesforce Certified Identity and Access Management Designer (SP19)

Question 4

Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the Salesforce App Launcher to control the apps that are available to individual users. Which three steps are required to make this happen?

  • Add each Connected App to the App Launcher with a Start URL.

  • Set up an Auth Provider for each external application.

  • Set up Salesforce as a SAML IdP with My Domain.

  • Set up Identity Connect to synchronize user data.

  • Create a Connected App for each external application.

Question 5

Universal Containers (UC) would like to enable SSO between their existing Active Directory infrastructure and Salesforce. The IT team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in Salesforce directly, including the correct assignment of profiles, roles and groups.

Which two optimal solutions should UC use to provision users in Salesforce? Choose 2 answers.

  • Use the Salesforce REST API to sync users from Active Directory to Salesforce.

  • Use an AppExchange product to sync users from Active Directory to Salesforce.

  • Use Active Directory Federation Services to sync users from Active Directory to Salesforce.

  • Use Identity Connect to sync users from Active Directory to Salesforce.


Question 6

Universal Containers (UC) has a classified information system that its call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?

  • Use a custom Connected App handler using Apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.

  • Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "classified" case, and remove it when the case is closed.

  • Use custom SAML JIT provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system.

  • Use Salesforce reports to identify users that currently own open "classified" cases and should be granted access to the classified information system.