Salesforce Certified Identity and Access Management Designer Online Training
The questions for Identity and Access Management Designer were last updated on Dec 09, 2025.
- Exam Code: Identity and Access Management Designer
- Exam Name: Salesforce Certified Identity and Access Management Designer
- Certification Provider: Salesforce
- Latest update: Dec 09, 2025
A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers, where the consumers can log in using their credentials. The company is considering allowing users to log in with their Facebook or LinkedIn credentials.
Once enabled, what role will Salesforce play?
- A . Facebook and LinkedIn will be the SPs.
- B . Salesforce will be the service provider (SP).
- C . Salesforce will be the identity provider (IdP).
- D . Facebook and LinkedIn will act as the IdPs and SPs.
An Architect has configured a SAML-based SSO integration between Salesforce and an external identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error.
Which two optimal actions should the Architect take to troubleshoot the issue?
- A . Ensure the Callback URL is correctly set in the Connected Apps settings.
- B . Use a browser that has an add-on/extension that can inspect SAML.
- C . Paste the SAML Assertion Validator in Salesforce.
- D . Use the browser’s Development tools to view the Salesforce page’s markup.
Universal Containers plans to develop a custom mobile app for the sales team that will use Salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?
- A . Use a custom attribute on the user object to control access to the mobile app.
- B . Use connected apps OAuth policies to restrict mobile app access to authorized users.
- C . Use the permission set license to assign the mobile app permission to sales users.
- D . Add a new identity provider to authenticate and authorize mobile users.
A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on. Salesforce will be the system of records. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?
- A . Apex Exception Email
- B . View Setup Audit Trail
- C . Debug Logs
- D . Login History
Universal Containers (UC) wants to integrate a third-party reward calculation system with Salesforce to calculate rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the reward calculation system needs to be secure.
Which are the recommended best practices for using OAuth flows in this scenario? Choose 2 answers
- A . OAuth refresh token flow
- B . OAuth SAML bearer assertion flow
- C . OAuth JWT bearer token flow
- D . OAuth username-password flow
Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers
- A . App Launcher
- B . Resource deep linking
- C . SSO from Salesforce Mobile App
- D . Login Forensics
Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure that only active Salesforce users are able to access the order tracking system, which is only visible within Salesforce.
What should be done to fulfill the requirement? Choose 2 answers
- A . Set up Salesforce as an identity provider (IdP) for Order Tracking.
- B . Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking.
- C . Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
- D . Set up Order Tracking as a Canvas app in Salesforce to POST IdP-initiated SAML assertion.
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The first time a user authenticates using Facebook, UC would like a customer account created automatically in their accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts.
How can the Architect meet these requirements?
- A . Create a custom application on Heroku that manages the sign-on process from Facebook.
- B . Use JIT Provisioning to automatically create the account in the accounting system.
- C . Add an Apex callout in the registration handler of the authorization provider.
- D . Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.
Universal Containers wants Salesforce inbound OAuth-enabled integration clients to use SAML-based single sign-on for authentication.
What OAuth flow would be recommended in this scenario?
- A . User-Agent OAuth flow
- B . SAML assertion OAuth flow
- C . User-Token OAuth flow
- D . Web server OAuth flow
Universal Containers wants to implement single sign-on for a Salesforce org using an external identity provider and corporate identity store.
What type of authentication flow is required to support deep linking?
- A . Web Server OAuth SSO flow
- B . Service-Provider-Initiated SSO
- C . Identity-Provider-initiated SSO
- D . Start URL on Identity Provider