Describe the components of a Delegated Authentication solution.

Use Cases: Integrate Salesforce with the authentication method of your choice, such as LDAP. Authentication can be done with a token instead of a password. Delegated authentication is managed at the permission level and not at the org level. Contact Salesforce to enable delegated authentication. There may be a slight delay in the login process. Benefits: Uses a stronger form […]

Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init).

Terminology. Identity Provider: An Identity Provider is a kind of provider that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers within a federation, such as with web browser profiles. It provides authentication for its users. Service Provider: A Service Provider provides services to principals or other system […]

Describe the components of an identity management solution where Salesforce is accepting identity from a third party

My Domain: My Domain is sort of like creating your own empire within the Salesforce universe. It’s a Salesforce Identity feature that lets you personalize your Salesforce org by creating a subdomain (empire) within the Salesforce domain (universe). Salesforce requires you to have a My Domain subdomain in place to: Work in multiple Salesforce orgs […]

Given a scenario, troubleshoot common points of failure that may be encountered in a Single Sign-on solution (SAML, OAuth, etc.).

Delegated Authentication: If delegated authentication is enabled and there are login errors, details can be viewed under Setup → Delegated Authentication Error History. We can get details about the twenty-one most recent errors, which can be filtered by username, login time and error. If Salesforce and the third party system cannot connect or if […]

Given a scenario, recommend the appropriate method for provisioning users in Salesforce and other third-party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.).

SOAP/REST API: Both internal and external users can be provisioned by using the SOAP and REST APIs on the User object. When creating external users, a valid contact and account must be associated with the user, and the account must be owned by a Salesforce user that has a role. To create or update a […]

Given a scenario, articulate whether it describes an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task

Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to resources, enforcing policies, auditing usage, and providing the information necessary as required. These combined processes are considered important for effective application management and security. AAA provides a method to identify which users are logged into the application and each user’s authority level. […]

Describe the role(s) an Identity Provider and Service Provider play in an access control solution

Identity Provider: An identity provider is a trusted provider that lets you use single sign-on (SSO) to access other websites. Salesforce can be enabled as an identity provider, and multiple service providers can be defined to enable access to multiple applications using single sign-on (SSO). Before enabling Salesforce as an identity provider set up a […]

Identity and Access Management Designer

Identity Management Concepts: 28% Describe the role(s) an identity provider and service provider play in an access control solution. Describe common methods for how trust connections are established between two systems and the methodologies used to describe trust between an identity provider and service provider. Given a scenario, articulate whether it describes an authentication, authorization, […]