Salesforce Identity-and-Access-Management-Designer Actual Free Exam Questions & Community Discussion

Exam Code/Number: Identity-and-Access-Management-Designer
Exam Name/Title: Salesforce Certified Identity and Access Management Designer
Certification Provider: Salesforce
Corresponding Certification: Salesforce Identity and Access Management Designer

Exam Questions: 245
Updated On: Jun 03, 2026

Question #34

What are three capabilities of Delegated Authentication? Choose 3 answers

A. It can connect to SOAP services.

B. It can connect to REST services.

C. It can be assigned by Custom Permissions.

D. It can be assigned by Permission Sets.

E. It can be assigned by Profiles.

Discussion 0

Correct Answer: A,B,D Vote an answer

Question #35

Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

A. Identity Connect will only support SP-initiated SAML flows in UC's current environment.

B. Identity connect is not compatible with UC's current identity environment.

C. Identity Connect will only support Idp-initiated SAML flows in UC's current environment.

D. Identity Connect will not support user provisioning in UC's current environment.

Discussion 0

Correct Answer: D Vote an answer

Question #36

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?

A. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

B. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

C. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

D. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.

Discussion 0

Correct Answer: C Vote an answer

Question #37

Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

A. Configure an Authentication Provider for LinkedIn Social Media Accounts.

B. Create a Custom Apex Registration Handler to handle new and existing users.

C. Use Delegated Authentication to call the Twitter login API to authenticate users.

D. Configure SSO Settings For Facebook to serve as a SAML Identity Provider.

Discussion 0

Correct Answer: A,B Vote an answer

Question #38

Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend?

A. Username and Password Flow

B. User Agent Flow

C. Web Server Authentication Flow

D. JWT Bearer Token Flow

Discussion 0

Correct Answer: B Vote an answer

Question #39

Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

B. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

C. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Discussion 0

Correct Answer: D Vote an answer

Question #40

Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

B. Use the updateUser method on the registration Handler Class.

C. Use information in the signed Request that is received from facebook.

D. Develop a scheduled job that calls out to Facebook on a nightly basis.

Discussion 0

Correct Answer: B Vote an answer

Question #41

Universal containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot password and change password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers

A. Build a custom visualforce page for the change password experience and a community builder page for the Forgot password experience.

B. Build a community builder page for both the change password and Forgot password experiences.

C. Build a custom visualforce page for both the change password and Forgot password experiences.

D. Build a community builder page for the change password experience and Custom Visualforce page for the Forgot password experience.

Discussion 0

Correct Answer: A,C Vote an answer

Question #42

An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).
Mow can end users change their password?

A. Users can click on the "Forgot your Password" link on the Salesforce.com login page.

B. Users once logged In, can go to the Change Password screen in Salesforce.

C. Users can change it on the enterprise LDAP authentication portal.

D. Users can request the Salesforce Admin to reset their password.

Discussion 0

Correct Answer: D Vote an answer

Question #43

Universal Containers (UC) is planning to add Wi-Fi enabled GPS tracking devices to its shipping containers so that the GPS coordinates data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.
Which OAuth flow should the identity architect recommend to meet the requirement?

A. OAuth 2.0 Web Server Flow for Web App Integration

B. OAuth 2.0 Asset Token Flow for Securing Connected Devices

C. OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration

D. OAuth 2.0 Username-Password Flow for Special Scenarios

Discussion 0

Correct Answer: B Vote an answer

Question #44

A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.
Which three functions meet the Salesforce criteria for secure mfa?
Choose 3 answers

A. Lightning Login

B. Third-party single sign-on with Mobile Authenticator app

C. Username and password + secunty key

D. username and password + SMS passcode

E. Certificate-based Authentication

Discussion 0

Correct Answer: A,B,C Vote an answer

Download Free Salesforce Identity-and-Access-Management-Designer Demo

Simply submit your e-mail address below to get started with our free demo of your Salesforce Identity-and-Access-Management-Designer exam.