A Salesforce Certified Identity and Access Management Designer assesses the architecture environment and requirements and designs sound and scalable technical solutions on the Force.com platform that meet Single Sign On (SSO) requirements. The architect has experience communicating solutions and design trade-offs to business stakeholders. The candidate has a current Salesforce Developer or Platform App Builder credential, and is interested in demonstrating his/her expertise as an Identity and Access Management Designer.
NOTE: Please refer to the official Salesforce documentation for anything beyond these notes.
In this post we only share our exam experience, along with some study notes and important links. As usual, before I started my preparation I prepared a document and noted down all the points and advice from the Salesforce documentation. Here is the course outline with some important links.
The Salesforce Identity and Access Management Designer exam covers the following topics –
Identity Management Concepts: 28%
- Describe the role(s) an identity provider and service provider play in an access control solution.
- Describe common methods for establishing trusted connections between two systems, and the ways trust between an identity provider and a service provider is described.
- Given a scenario, articulate whether it describes an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task.
- Given a scenario, recommend the appropriate method for provisioning users in Salesforce, and other third-party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.).
- Describe the risks to enterprise security that federated Single Sign-on solutions aim to address.
- Given a scenario, troubleshoot common points of failure that may be encountered in a Single Sign-on solution (SAML, OAuth, etc.).
Accepting Third-Party Identity in Salesforce: 22%
- Describe the components of an identity management solution where Salesforce is accepting identity from a third party.
- Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept Third-Party Identity (Enterprise Directory, Social, Community, etc.).
- Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-initiated or IdP-initiated).
- Describe the components of a Delegated Authentication solution.
- Describe the risks of implementing delegated authentication.
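Added example (not from the original post): a Go check of the assertion conditions behind most of the SAML troubleshooting items above, namely issuer, audience versus the SP entity ID, recipient versus the ACS URL, the validity window with clock skew, and InResponseTo handling for SP-initiated versus IdP-initiated flows. Salesforce's own validation code is not public, so this is a generic SAML 2.0 check; the sample response, hostnames, IDs and timestamps are constructed for the example. Signature verification is left out because it needs an XML-DSig library, and in a real service provider it must run before any of these checks.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
	"time"
)

// Only the parts of a SAML 2.0 Response that the common SSO failures involve.
// Tags use local names, so the samlp:/saml: prefixes do not need to be declared.
type samlResponse struct {
	XMLName      xml.Name `xml:"Response"`
	Destination  string   `xml:"Destination,attr"`
	InResponseTo string   `xml:"InResponseTo,attr"`
	Assertion    struct {
		Issuer   string `xml:"Issuer"`
		NameID   string `xml:"Subject>NameID"`
		ConfData struct {
			Recipient string `xml:"Recipient,attr"`
		} `xml:"Subject>SubjectConfirmation>SubjectConfirmationData"`
		Conditions struct {
			NotBefore    string `xml:"NotBefore,attr"`
			NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
			Audience     string `xml:"AudienceRestriction>Audience"`
		} `xml:"Conditions"`
	} `xml:"Assertion"`
}

// spConfig mirrors the service provider side (Salesforce's Single Sign-On Settings).
type spConfig struct {
	IdPEntityID string        // "Issuer" in the SSO settings
	EntityID    string        // "Entity ID" in the SSO settings; must equal <Audience>
	ACSURL      string        // where the IdP must POST the response (Destination / Recipient)
	ClockSkew   time.Duration // tolerated drift between IdP and SP clocks
}

// validateSAMLResponse returns the NameID and a list of failure codes (empty when acceptable).
// requestID is the AuthnRequest ID for SP-initiated SSO and "" for IdP-initiated SSO.
func validateSAMLResponse(raw []byte, cfg spConfig, now time.Time, requestID string) (string, []string) {
	var r samlResponse
	if err := xml.Unmarshal(raw, &r); err != nil {
		return "", []string{"malformed-xml"}
	}
	a := r.Assertion
	var problems []string
	if a.Issuer != cfg.IdPEntityID {
		problems = append(problems, "issuer-mismatch") // wrong IdP, or a typo in the Issuer setting
	}
	if a.Conditions.Audience != cfg.EntityID {
		problems = append(problems, "audience-mismatch") // IdP was given the wrong SP entity ID
	}
	if r.Destination != cfg.ACSURL || a.ConfData.Recipient != cfg.ACSURL {
		problems = append(problems, "recipient-mismatch") // IdP posts to the wrong ACS URL
	}
	nb, err1 := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	noa, err2 := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	switch {
	case err1 != nil || err2 != nil:
		problems = append(problems, "bad-timestamp")
	case now.Add(cfg.ClockSkew).Before(nb):
		problems = append(problems, "not-yet-valid") // IdP clock runs ahead of the SP clock
	case !now.Add(-cfg.ClockSkew).Before(noa):
		problems = append(problems, "expired") // delayed or replayed response, or IdP clock behind
	}
	if requestID != "" && r.InResponseTo != requestID {
		problems = append(problems, "in-response-to-mismatch") // SP-init: must answer our AuthnRequest
	} else if requestID == "" && r.InResponseTo != "" {
		problems = append(problems, "unsolicited-with-in-response-to") // IdP-init: must not claim to
	}
	nameID := strings.TrimSpace(a.NameID)
	if nameID == "" {
		problems = append(problems, "missing-nameid") // nothing to match to a Federation ID or username
	}
	return nameID, problems
}

// Constructed sample response (hostnames, IDs and times are made up for this example).
const sampleResponse = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
 IssueInstant="2024-05-01T12:00:00Z" InResponseTo="_req1" Destination="https://example.my.salesforce.com/">
 <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://example.my.salesforce.com/" NotOnOrAfter="2024-05-01T12:05:00Z"/>
   </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>`

func demoConfig() spConfig {
	return spConfig{IdPEntityID: "https://idp.example.com/metadata", EntityID: "https://saml.salesforce.com",
		ACSURL: "https://example.my.salesforce.com/", ClockSkew: 30 * time.Second}
}

var demoNow = time.Date(2024, 5, 1, 12, 0, 30, 0, time.UTC) // 30 s after IssueInstant

func main() {
	name, problems := validateSAMLResponse([]byte(sampleResponse), demoConfig(), demoNow, "_req1")
	fmt.Println(name, problems) // jane@example.com []
	cfg := demoConfig()
	cfg.EntityID = "https://example.my.salesforce.com" // classic mistake: login URL entered as entity ID
	_, problems = validateSAMLResponse([]byte(sampleResponse), cfg, demoNow, "_req1")
	fmt.Println(problems) // [audience-mismatch]
}
```

The failure codes map onto what you actually change in the SSO settings: an audience mismatch means the IdP and SP disagree on the entity ID, a recipient mismatch means the IdP has the wrong login/ACS URL, and an "expired" or "not-yet-valid" result on a response that is only seconds old almost always means clock drift rather than a bad assertion. Passing "" as the request ID switches the check to the IdP-initiated rules.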
Salesforce as an Identity Provider: 23%
- Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a third party (for example, User-Agent, Web Server, JWT, etc.).
- Describe the various implementation concepts of OAuth (for example; scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
- Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system.
- Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).
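Added example (not from the original post, and not Salesforce's own code): the JWT bearer flow from the list above, in Go, with both sides of the exchange. The client builds the assertion with the four claims Salesforce expects (iss = consumer key, sub = username, aud = the login host, exp = a short expiry) and signs it RS256 with the private key of the certificate registered on the connected app; the verifier side shows what the authorization server checks before it issues an access token. The consumer key, username and the 2048-bit key generated in the block are placeholders for the example; a real client posts the form body to the org's login host at /services/oauth2/token.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// The claims the Salesforce JWT bearer flow uses.
type jwtClaims struct {
	Iss string `json:"iss"` // connected app consumer key (client_id)
	Sub string `json:"sub"` // username of the Salesforce user to run as
	Aud string `json:"aud"` // https://login.salesforce.com, https://test.salesforce.com, or the My Domain login URL
	Exp int64  `json:"exp"` // seconds since epoch; Salesforce only accepts a lifetime of a few minutes
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// buildAssertion produces header.payload.signature, signed RS256 with the private key
// whose certificate was uploaded to the connected app ("Use digital signatures").
func buildAssertion(c jwtClaims, key *rsa.PrivateKey) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64url([]byte(`{"alg":"RS256"}`)) + "." + b64url(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// verifyAssertion is the authorization server's side: pin the algorithm, check the
// signature against the registered certificate's public key, then iss, aud and exp.
func verifyAssertion(token string, pub *rsa.PublicKey, expectedIss, expectedAud string, now time.Time) (jwtClaims, error) {
	var c jwtClaims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed assertion")
	}
	hdr, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	body, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, err3 := base64.RawURLEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return c, errors.New("malformed assertion")
	}
	var header struct{ Alg string `json:"alg"` }
	if json.Unmarshal(hdr, &header) != nil || header.Alg != "RS256" {
		return c, errors.New("unsupported alg") // never let the token choose the algorithm
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return c, fmt.Errorf("bad signature: %w", err) // key is not the one registered on the app
	}
	if err := json.Unmarshal(body, &c); err != nil {
		return c, err
	}
	switch {
	case c.Iss != expectedIss:
		return c, fmt.Errorf("unknown client %q", c.Iss)
	case c.Aud != expectedAud:
		return c, fmt.Errorf("audience %q is not this login host", c.Aud)
	case !now.Before(time.Unix(c.Exp, 0)):
		return c, errors.New("assertion expired; the client must mint a new one")
	}
	return c, nil
}

// tokenRequestBody is the form body the client POSTs to <login host>/services/oauth2/token.
func tokenRequestBody(assertion string) string {
	v := url.Values{}
	v.Set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
	v.Set("assertion", assertion)
	return v.Encode()
}

// newDemoKey stands in for the key pair behind the certificate on the connected app.
func newDemoKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

func main() {
	key, now := newDemoKey(), time.Now()
	claims := jwtClaims{Iss: "consumer-key-placeholder", Sub: "integration@example.com",
		Aud: "https://login.salesforce.com", Exp: now.Add(2 * time.Minute).Unix()}
	assertion, _ := buildAssertion(claims, key)
	fmt.Println(tokenRequestBody(assertion)[:60] + "...")
	_, err := verifyAssertion(assertion, &key.PublicKey, claims.Iss, claims.Aud, now)
	fmt.Println("fresh assertion:", err)
	_, err = verifyAssertion(assertion, &key.PublicKey, claims.Iss, claims.Aud, now.Add(5*time.Minute))
	fmt.Println("five minutes later:", err)
}
```

Two points worth remembering for the exam and for real deployments: the JWT bearer flow returns no refresh token, so the client simply signs a new assertion whenever its access token expires, and the user named in sub must already have approved the connected app (or an admin must have pre-authorized it through a profile or permission set), otherwise the token request is refused even with a perfectly valid signature.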
Access Management Best Practices: 15%
- Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.
- Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.
- Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (for example; High Assurance Sessions, 2FA, etc.).
Salesforce Identity: 7%
- Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.
- Describe the role(s) Identity Connect plays in an Identity Management solution.
Community (Partner and Customer): 5%
- Describe the capabilities for customizing the registration experience for external communities (for example; Branding options, self-registration, communications, etc.).
For further learning, please check the Apex Hours playlist:
- Login Flows in Salesforce
- Multi-Factor Authentication in Salesforce (MFA)
- Single Sign-On
- Identity Flow: OAuth 2.0