Salesforce Certified Identity and Access Management Architect

Salesforce Identity and Access Management Architect Credential


The Salesforce Certified Identity and Access Management Architect credential is designed for identity professionals who want to demonstrate their knowledge, skills and capabilities in assessing identity architecture; designing secure, high-performance access management solutions on the Customer 360 platform; and communicating technical solutions effectively to business and technical stakeholders.

An Identity professional should be able to do the following in order to pass the exam:

◉ Design an identity architecture that may span multiple platforms and include integration and authentication across systems.
◉ Articulate system design considerations, benefits, and recommendations for identity architecture.
◉ Apply general identity and access management best practices to Salesforce implementations.


Purpose of this Exam Guide


This exam guide is designed to help candidates evaluate their readiness to pass the Salesforce Certified Identity and Access Management Architect exam. This guide provides information about the target audience for the certification exam, recommended training and documentation, and a complete list of exam objectives—all with the intent of helping candidates achieve a passing score. Salesforce highly recommends a combination of on-the-job experience and self-study to maximize the likelihood of passing the exam. 

Audience Description


A Salesforce Certified Identity and Access Management Architect assesses the environment and requirements to design secure and scalable identity management solutions on the Customer 360 platform. The architect has experience designing and implementing complex identity and access management strategies, as well as communicating the solution and its design trade-offs to business and technical stakeholders alike.

The Salesforce Certified Identity and Access Management Architect has the following background:

◉ 1+ years of experience designing and implementing Identity and Access Management solutions in the Salesforce Customer 360 platform
◉ 2+ years of identity and/or security technology experience

Typical job roles may include:

◉ Enterprise Architect
◉ Technical Architect
◉ Security Architect
◉ Integration Architect
◉ Identity Architect
◉ Solution Architect

The Salesforce Certified Identity and Access Management Architect candidate has the experience, skills, knowledge, and ability to:

◉ Understand the difference between Federated and Delegated Single Sign-on
◉ Gather requirements and configure delegated authentication in Salesforce
◉ Gather requirements and configure SAML in Salesforce
◉ Know the difference between Identity Provider Initiated SAML and Service Provider Initiated SAML and when to use each
◉ Know how trust is established between an Identity Provider and a Service Provider
◉ Determine the general identity federation capabilities that are available for a given project
◉ Explain high-level concepts and flows of OAuth, SAML, and OpenID Connect
◉ Explain Social Sign-On in the context of Salesforce
◉ Explain authentication mechanisms for Communities
◉ Identify the cause and resolve common failure conditions for SSO in Salesforce
◉ Explain why a solid SSO strategy is important for enterprise security
◉ Know why Two-Factor Authentication is important and strategies for implementing it in Salesforce
◉ Explain the use of Login Flows
◉ Determine the applicable use cases for Identity Connect
◉ Determine appropriate user lifecycle management techniques (automated user provisioning, just-in-time provisioning, manual account creation, etc.) for a given project

A candidate for this exam will likely need assistance in:

◉ Writing Apex
◉ Networking and domain management as it relates to identity
◉ Configuring Salesforce for automated user lifecycle management via user provisioning and Connected Apps (click path)
◉ Configuring Salesforce to support Social Sign-On and registration (click path)

A candidate for this exam is not expected to know:

◉ Specific IdP technology capabilities outside of Salesforce
◉ Obtaining signed certificates

Salesforce Identity and Access Management Architect Exam Summary:


Exam Name: Salesforce Certified Identity and Access Management Architect
Exam Code: Identity and Access Management Architect
Exam Price: Registration fee $400 USD; retake fee $200 USD
Duration: 120 minutes
Number of Questions: 60
Passing Score: 67%
Recommended Training / Books: Architect Journey: Identity and Access Management
Sample Questions: Salesforce Identity and Access Management Architect Sample Questions
Recommended Practice: Salesforce Certified Identity and Access Management Architect Practice Test

Salesforce Identity and Access Management Architect Syllabus:


Sections, objectives, and weights:

Identity Management Concepts (17%)
- Describe common authentication patterns and the differences between them.
- Describe the building blocks of an identity solution (authentication, authorization, and accountability) and how to enable each of them with Salesforce features.
- Describe how trust is established between two systems.
- Given a scenario, recommend the appropriate method for provisioning users in Salesforce.
- Given a scenario, troubleshoot common points of failure in a single sign-on solution (SAML, OAuth, etc.).

Accepting Third-Party Identity in Salesforce (21%)
- Given a use case, describe when Salesforce is used as a Service Provider.
- Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios.
- Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept third-party identity (enterprise directory, social, community, etc.).
- Given a scenario, identify the ways users can be provisioned in Salesforce to enable SSO and apply access rights.
- Given a scenario, identify the auditing and monitoring approaches available on the platform, and describe the tools available to diagnose IdP issues.

Salesforce as an Identity Provider (17%)
- Given a scenario, identify the most appropriate OAuth flow (web server, JWT bearer, user-agent, device authorization).
- Given a scenario, recommend the appropriate scopes and configuration of the Connected App for authorization.
- Describe the implementation concepts of OAuth (scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
- Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).

Access Management Best Practices (15%)
- Given a set of requirements, determine the most appropriate multi-factor authentication methods to use and the type of session they should yield.
- Given a scenario, determine how best to assign roles, profiles, and permission sets to a user during the SSO process, and how to keep those assignments up to date.
- Given a scenario, describe the tools available to audit and verify user activity during and after login.
- Given a scenario, identify the configuration settings for a Connected App.

Salesforce Identity (12%)
- Given a set of requirements, identify the role the Identity Connect product plays in a Salesforce Identity implementation.
- Given a scenario, identify whether Salesforce Customer 360 Identity fits into a fully developed Customer 360 solution.
- Given a set of requirements, recommend the most appropriate Salesforce license type(s).

Community (Partner and Customer) (18%)
- Describe the capabilities for customizing the user experience in Experience Cloud (branding options, authentication options, identity verification, self-registration, communications, password reset, etc.).
- Given a set of requirements, determine the best way to support external identity providers in communities and choose the user/contact model that supports the community user experience.
- Given a requirement, understand the advantages and limitations of External Identity solutions and their associated licenses.
- Given a scenario, determine when to use Embedded Login.
