What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "classified" case record criteria?

Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO eith Salesforce as the Idp, and automatically allow or deny the staff’s access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO.

What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "classified" case record criteria?
A . Use Salesforce reports to identify users that currently owns open "Classified" cases and should be granted access to the Classified information system.
B. Use Apex trigger on case to dynamically assign permission Sets that Grant access when an user is assigned with an open "Classified" case, and remove it when the case is closed.
C. Use Custom SAML JIT Provisioning to dynamically query the user’s open "Classified" cases when attempting to access the classified information system.
D. Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.

View Answer

Answer: D