A Salesforce Certified Identity and Access Management Designer assesses the architecture environment and requirements and designs sound and scalable technical solutions on the Force.com platform that meet Single Sign On (SSO) requirements. The architect has experience communicating solutions and design trade-offs to business stakeholders. The candidate has a current Salesforce Developer or Platform App Builder credential, and is interested in demonstrating his/her expertise as an Identity and Access Management Designer.
NOTE: Please follow Salesforce official document for any future reference.
In this post we are only share our exam experience with some study notes and some important link for study. As usual before I started my preparation, I have prepared a document and noted down all the points and advice mentioned in Salesforce Documentation. Here is course outline with some important link.
Who is the Salesforce Certified Integration Architecture Designer?
The candidate looking to obtain the Integration Architecture Designer Certification assesses the architecture environment and requirements and designs sound and scalable technical solutions on the Force.com platform that meet end-to-end integration requirements. The candidate has experience communicating solutions and design trade-offs to business stakeholders.
- Has 5+ years of delivery experience.
- Provides experienced guidance on the appropriate choice of on-platform and off-platform technology.
- Understands integration capabilities and patterns, design trade-offs, and has the ability to communicate design choices.
- Has held a technical architect role on multiple complex deployments or has gained equivalent knowledge through participation and exposure to these types of projects [either with single or multiple projects].
- Has a thorough understanding of Web Services in general and SOAP and REST specifically; understands the basic workings of HTTP/S.
- Understands the different Force.com APIs and is able to design solutions using the appropriate API.
- Understands data migration considerations, design trade-offs, and common ETL tools.
- Has experience with common integration patterns used on the Force.com Platform.
- Understands patterns/mechanisms to secure integrations, such as TLS for HTTP.
Read on for details about the Salesforce Identity and Access Management Designer exam
- Content: 60 multiple-choice/multiple-select questions
- Time allotted to complete the exam: 120 minutes
- Passing score: 65%
The Salesforce Identity and Access Management Designer exam covers the following topics –
Identity Management Concepts: 28%
- Describe the role(s) an identity provider and service provider play in an access control solution.
- Describe common methods for how to trust connections that are established between two systems and the methodologies used to describe trust between an identity provider and service provider.
- Given a scenario, articulate whether it describes an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task.
- Given a scenario, recommend the appropriate method for provisioning users in Salesforce, and other third-party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.).
- Describe the risks to enterprise security that federated Single Sign-on solutions aim to address.
- Given a scenario, troubleshoot common points of failure that may be encountered in a Single Sign-on solution (SAML, OAuth, etc.).
Accepting Third-Party Identity in Salesforce: 22%
- Describe the components of an identity management solution where Salesforce is accepting identity from a third party.
- Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept Third-Party Identity (Enterprise Directory, Social, Community, etc.).
- Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init.).
- Describe the components of a Delegated Authentication solution.
- Describe the risks of implementing delegated authentication.
Salesforce as an Identity Provider: 23%
- Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a third party (for example, User-Agent, Web Server, JWT, etc.).
- Describe the various implementation concepts of OAuth (for example; scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
- Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.
- Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).
Access Management Best Practices: 15%
- Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.
- Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.
- Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (for example; High Assurance Sessions, 2FA, etc.).
Salesforce Identity: 7%
- Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.
- Describe the role(s) Identity Connect plays in an Identity Management solution.
Community (Partner and Customer): 5%
- Describe the capabilities for customizing the registration experience for external communities (for example; Branding options, self-registration, communications, etc.).
For Further Learning Please check Apex Hours playlist.
- Login Flows in Salesforce
- Multi-Factor Authentication in Salesforce (MFA)
- Single Sign-On
- Identity Flow : OAuth 2.0
Learn Materials for Salesforce Identity and Access exam
Here are some comprehensive general resources that are a good starting place for your self-
Technologies and Overall Integration Strategy
Integration Patterns Overview : This article provides an overview of the fundamental developer integration points available on the Force.com platform. After reading this article, you will be aware of approaches you could take, and you’ll have enough pointers to more in-depth material to implement your integration.
UML 2 Sequence Diagrams: An Agile Introduction : UML sequence diagrams model the flow of logic within your system in a visual manner, enabling you to document and validate your logic, and are commonly used for both analysis and design purposes. Sequence diagrams are the most popular UML artifact for dynamic modeling, which focuses on identifying the behavior within your system.
Integration Solution Tools
Best practices to avoid excessive SOAP and REST API DML : When developing integration applications using the Force.com SOAP API or REST API, you should make sure your code is as efficient as possible to avoid poor performance or API limit issues due to excessive API calls. See the following best practices for tips on making your integration code as efficient as possible.
Differences between Salesforce provided WSDL files : Salesforce provides a WSDL (Web Service Description Language) files. They are called “Enterprise WSDL” and “Partner WSDL”.
Describe the risks and impacts when designing an integration with a cloud-based system.
Certificates and Keys : Salesforce certificates and key pairs are used for signatures that verify a request is coming from your organization.
Secure an integration inbound to Salesforce.
Connected Apps : This webpage provides an introduction to Salesforce Connected Apps and their use to provide application-specific permissions.
OAuth Authorization Flows : This article takes an in-depth look at the OAuth 2.0 protocol in the context of Force.com, and is intended for developers and architects with an understanding of security and identity concepts, such as authentication and authorization.