Salesforce Certified Identity and Access Management Architect: IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT

Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

A. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.

B. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.

C. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.

D. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?

A. Identity Verification

B. Identity Connect

C. Identity Only

D. External Identity

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.

What should be done to improve security?

A. Select "Admin approved users are pre-authonzed" and assign specific profiles.

B. Create custom scopes and assign to the connected app.

C. Define a permission set that grants access to the app and assign to authorized users.

D. Leverage external objects and data classification policies.