Certified Salesforce Identity and Access Management cloud Architect

Identity Management Concepts -17%

- Describe common authentication patterns and understand the differences between each one.

- Describe the building blocks that are part of an identity solution (authentication, authorization, & accountability) and how you enable those building blocks using Salesforce features.

- Describe how trust is established between two systems.

- Given a scenario, recommend the appropriate method for provisioning users in Salesforce.

- Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on solution (SAML, OAuth, etc.)

Accepting Third-Party Identity in Salesforce - 21%

- Given a use case, describe when Salesforce is used as a Service Provider.

- Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios.

- Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept 3rd Party Identity (Enterprise Directory, Social, Community, etc.).

- Given a scenario, identify the ways that users can be provisioned in Salesforce to enable SSO and apply access rights.

- Given a scenario, identify the auditing and monitoring approaches available on the platform, and describe the tools that are available to diagnose IdP issues.

Salesforce as an Identity Provider - 17%

- Given a scenario, identify the most appropriate OAuth flow (Web based, JWT, User agent, Device auth flow).

- Given a scenario, recommend appropriate Scope and Configuration of the connected App for Authorization.

- Describe the various implementation concepts of OAuth (scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).

- Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the 3rd party system. (Canvas, Connected Apps, App Launcher, etc.).

Access Management Best Practices - 15%

- Given a set of requirements, determine the most appropriate methods of multi-factor authentication to use, and the right type of session they should yield.

- Given a scenario, how should you best assign roles, profiles, and permission sets to a user during the SSO process, how would you keep these assignments up to date.

- Given a scenario, describe what tools you can apply to audit and verify the activity/user during and after login.

- Given a scenario, identify the configuration settings for a Connected app.

Salesforce Identity - 12%

- Given a set of requirements, identify the role Identity Connect product plays in a Salesforce Identity implementation.

- Given a scenario identify if Salesforce Customer 360 Identity fits into a fully developed Customer 360 solution.

- Give a set of requirements, recommend the most appropriate Salesforce license type(s).

Community (Partner and Customer) -18%

- Describe the capabilities for customizing the user experience for Experience Cloud (Branding options, authentication options, identity verification self-registration, communications, password reset etc.).

- Given a set of requirements, determine the best way to support external identity providers in communities and leverage the right user/contact model to support community user experience.

- Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses.

- Given a scenario, determine when to use embedded login.