Certification Exam Guide SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER. Winter Salesforce.com, inc. All rights reserved.


Certification Exam Guide

SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER

Winter '18

Copyright 2017 Salesforce.com, inc. All rights reserved.

CONTENTS

About the Salesforce Certified Identity and Access Management Designer Credential
Section 1. Purpose of this Exam Guide
Section 2. Audience Description: Salesforce Certified Identity and Access Management Designer
Section 3. About the Exam
Section 4. Recommended Training and References
Section 5. Exam Outline
Section 6. Sample Exam Questions
Section 7. Answers to Sample Exam Questions
Section 8. Maintaining a Certification

ABOUT THE SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER CREDENTIAL

The Salesforce Certified Identity and Access Management Designer credential is designed for Identity professionals who want to demonstrate their knowledge, skills and abilities in assessing identity architecture and designing secure, high-performance access management solutions on the Force.com platform. The Identity professional is also effective at communicating technical solutions to business and technical stakeholders.

To pass the exam, an Identity Professional should be able to:

- Design an identity architecture that may span multiple platforms and include integration and authentication across systems.
- Articulate system design considerations, benefits and recommendations for an identity architecture.
- Apply general identity and access management best practices to Salesforce implementations.

SECTION 1. PURPOSE OF THIS EXAM GUIDE

This Exam Guide is designed to help candidates evaluate their readiness to pass the Salesforce Certified Identity and Access Management Designer exam. This guide provides information about the target audience for the certification exam, recommended training and documentation, and a complete list of exam objectives, all with the intent of helping candidates achieve a passing score. Salesforce highly recommends a combination of on-the-job experience and self-study to maximize the likelihood of passing the exam.

SECTION 2. AUDIENCE DESCRIPTION: SALESFORCE CERTIFIED IDENTITY AND ACCESS MANAGEMENT DESIGNER

A Salesforce Certified Identity and Access Management Designer is able to assess the environment and requirements to design secure and scalable identity management solutions on the Force.com platform. The designer has experience designing and implementing complex identity and access management strategies, as well as communicating the solution and design trade-offs to business and technical stakeholders alike.

The Salesforce Certified Identity and Access Management Designer has the following background:

- One year of Identity and Access Management experience
- One year of Salesforce experience with a major component security setup and design
- Two years of Securities Technology experience

Typical job roles may include:

- Enterprise Architect
- Technical Architect
- Security Architect
- Corporate Integration Architect
- Identity Architect

The Salesforce Certified Identity and Access Management Designer candidate has the experience, skills, knowledge, and ability to:

- Describe the configuration requirements of delegated authentication in Salesforce.
- Describe the configuration requirements of SAML in Salesforce.
- Distinguish the difference between Identity Provider Initiated SAML and Service Provider Initiated SAML and when to use each.
- Describe how trust is established between an Identity Provider and a Service Provider.
- Determine the general identity federation capabilities that are available for a given project.
- Explain high-level concepts and flows of OAuth.
- Explain high-level concepts and flows of SAML.
- Explain high-level concepts and flows of OpenID Connect.
- Explain Social Sign-On in the context of Salesforce.
- Explain authentication mechanisms for Communities.
- Identify the cause and resolve common failure conditions for SSO in Salesforce.
- Explain why a solid SSO strategy is important for enterprise security.
- Describe why Two Factor Authentication is important and strategies for implementing it in Salesforce.
- Explain the use of Login Flows.
- Determine the applicable use cases for Identity Connect.
- Describe when to and how to implement App Launcher.
- Determine appropriate user lifecycle management techniques (automated user provisioning, just-in-time provisioning, manual account creation, etc.) for a given project.

A candidate for this exam will likely need assistance to:

- Configure Salesforce to support SSO.
- Configure Salesforce for automated user lifecycle management via user provisioning and Connected Apps.
- Configure Salesforce to support Social Sign-On and Registration.

A candidate for this exam is not expected to know:

- Specific IDP technology capabilities outside of Salesforce

SECTION 3. ABOUT THE EXAM

The Salesforce Certified Identity and Access Management Designer exam has the following characteristics:

- Content: 60 multiple-choice/multiple-select questions* (5 unscored questions will be added)
- Time allotted to complete the exam: 120 minutes (time allows for unscored questions)
- Passing Score: 65%
- Registration fee: USD 400, plus applicable taxes as required per local law
- Retake fee: USD 200, plus applicable taxes as required per local law
- Delivery options: Proctored exam delivered onsite at a testing center or in an online proctored environment. Click here for information on scheduling an exam.
- References: No hard-copy or online materials may be referenced during the exam.
- Prerequisite: None

*Please note that as of November 16, 2017, all Salesforce certification exams will contain five additional, randomly placed, unscored questions to gather data on question performance. The duration of each exam has been evaluated and adjusted to accommodate the inclusion of the unscored questions. These five questions will be in addition to the 60 scored questions on your exam, and will have no impact whatsoever on your score.

SECTION 4. RECOMMENDED TRAINING AND REFERENCES

As preparation for this exam, Salesforce recommends a combination of hands-on experience, training course completion, Trailhead trails, and self-study in the areas listed in the Exam Outline section of this exam guide.

To access the most comprehensive training list, download a copy of our Salesforce Guide to Certification available here.

To enroll in instructor-led courses and launch online training from your Salesforce application, click the Help & Training link in the upper right corner of the screen (requires login) and search for the desired courses. Non-Salesforce customers can register for instructor-led courses here.

To review online Documentation, Tip Sheets, and User Guides, search for the topics listed in the Exam Outline section of the exam guide and study the information related to those topics. Documentation, Tip Sheets, and User Guides can also be accessed through Help & Training. Documentation is also available in PDF format here.

Trailhead trails can be accessed here.

Be sure to check out the self-directed resource guide created just for this certification. Curated under the guidance and expertise of our Certified Technical Architect community, the guide provides you a compilation of training content that includes reference materials, videos, technical documentation, and specific case scenarios that enable you to practice and prepare for your exam.

SECTION 5. EXAM OUTLINE

The Salesforce Certified Identity and Access Management Designer exam measures a candidate's knowledge and skills related to the following objectives.

IDENTITY MANAGEMENT CONCEPTS (Weighting 34%)

- Describe the role(s) an identity provider and service provider play in an access control solution.
- Describe common methods how trust connections are established between two systems and the methodologies used to describe trust between an identity provider and service provider.
- Given a scenario, articulate whether it is describing an authentication, authorization, or accounting scenario and what Salesforce feature should be used to accomplish the task.
- Given a scenario, recommend the appropriate method for provisioning users in Salesforce and other third party services (SOAP/REST API, SAML JIT, Identity Connect, User Provisioning for Connected Apps, etc.)
- Describe the risks to enterprise security that federated single sign-on solutions aim to address.
- Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on solution (SAML, OAuth, etc.).

ACCEPTING 3RD PARTY IDENTITY IN SALESFORCE (Weighting 21%)

- Describe the components of an identity management solution where Salesforce is accepting identity from a 3rd party.
- Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept 3rd Party Identity (Enterprise Directory, Social, Community, etc.)
- Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init.)
- Describe the components of a Delegated Authentication solution.
- Describe the risks of implementing delegated authentication.

SALESFORCE AS AN IDENTITY PROVIDER (Weighting 18%)

- Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a 3rd party (E.g. User Agent, Web Server, JWT, etc.)
- Describe the various implementation concepts of OAuth (E.g. scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.)
- Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third party system.
- Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the 3rd party system. (Canvas, Connected Apps, App Launcher, etc.).

ACCESS MANAGEMENT BEST PRACTICES (Weighting 12%)

- Describe the risks that Two-Factor Authentication mechanisms aim to mitigate.
- Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution.
- Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (E.g. High Assurance Sessions, 2FA, etc.).

SALESFORCE IDENTITY (Weighting 8%)

- Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements.
- Describe the role(s) Identity Connect plays in an Identity Management solution.

COMMUNITY (PARTNER AND CUSTOMER) (Weighting 7%)

- Describe the capabilities for customizing the registration experience for external communities (E.g. Branding options, self-registration, communications, etc.).

SECTION 6. SAMPLE EXAM QUESTIONS

The following questions are representative of those on the Salesforce Certified Identity and Access Management Designer exam. These questions are not designed to test your readiness to successfully complete the certification exam, but should be used to become familiar with the types of questions on the exam. The actual exam questions may be more or less difficult than this set of questions.

1. Universal Containers (UC) uses Google Apps for email and is the first application all of its users go to when they start their day. UC would also like to use Salesforce's App Launcher capability to access other applications, such as Workday, SAP, and Concur. UC would like its users to only use one set of credentials. Which system's credentials should UC use?

Choose one answer
A. Salesforce
B. SAP
C. Google Apps
D. Workday

2. Universal Containers (UC) has chosen to implement a hub-and-spoke Salesforce org strategy where a subset of users in the hub org should be able to access resources in any of the spoke orgs. The IT team at UC has decided they would like to manage users in the hub org and automatically create those users in the spoke orgs, as needed, to reduce administrative burden. They will configure the hub org as an Identity Provider and use SAML to authenticate users in the spoke orgs. What is the recommended solution for automatically creating users in the spoke orgs?

Choose one answer
A. Use an IdP-initiated SAML flow and Custom SAML JIT Provisioning to create users in the spoke orgs.
B. Use an IdP-initiated SAML flow and Salesforce SAML JIT Provisioning to create users in the spoke orgs.
C. Use the Salesforce REST API to create users in the spoke orgs when they are created in the hub org.
D. Use Identity Connect to provision users in the spoke orgs when they try to log in from the hub org.

3. What are three advantages of implementing a federated Single Sign-on solution?

Choose three answers
A. Reduced IT help desk costs due to fewer password resets.
B. Centralized provisioning and de-provisioning of users.
C. All Service Provider credentials will be synchronized.
D. Users cannot access Salesforce with Salesforce credentials.
E. Increased adoption of applications by end users.

4. Which three attributes can be used to represent the identity of the user when Salesforce is acting as a Service Provider in a SAML configuration?

Choose three answers
A. Salesforce User ID
B. Salesforce Username
C. Federation ID
D. User Email Address
E. User Full Name

5. Universal Containers (UC) has acquired Global Shipping (GS) and the IT integration teams have been tasked with merging GS's Salesforce org into UC's Salesforce org. UC had been using Active Directory Federation Services (ADFS) as a SAML IdP for Salesforce with no multifactor authentication capabilities, while GS had been using a third-party IdP with a tightly coupled software-based one-time password generator for Two-factor authentication. The CIO of UC would preferably like the new org to continue to use ADFS as the IdP due to budget cutbacks, but would like to maintain the multifactor authentication capabilities GS is used to for Salesforce. The CIO is open to options. What is the recommended solution the Architect should recommend to the CIO?

Choose one answer
A. Enhance and use the existing software-based one-time password generator and continue to use ADFS as the IdP.
B. Continue to use ADFS as the IdP and enable native Salesforce Two-factor Authentication for the UC org.
C. Replace ADFS with the IdP from GS and expand the use of the existing software-based one-time password generator.
D. Find a less expensive IdP on the AppExchange that has multifactor capabilities and use for all UC and GS users.

SECTION 7. ANSWERS TO SAMPLE EXAM QUESTIONS

1. C
2. A
3. A, B, E
4. A, B, C
5. B

SECTION 8. MAINTAINING A CERTIFICATION

One of the benefits of holding a Salesforce credential is always being up to date on new product releases. Our release exams are designed to ensure you have the latest information you need to be a successful Salesforce Certified expert. Click here for information regarding requirements and cost to maintain your Salesforce certification.

If you earned the Salesforce Certified Development Identity and Access Management Designer credential on or before March 23, 2017 you are required to pass the Salesforce Certified Identity and Access Management Designer Spring '17 Release Exam. Click here for details about the release exam objectives, number of questions, recommended preparation, and registration information.

ABOUT SALESFORCE

Salesforce offers a comprehensive catalog of courses and certifications to help you administer, develop, and use your organization's Salesforce environment. Whether you need a customized private course for your whole team or an in-depth instructor-led classroom experience for one person, Salesforce can help you take the next steps on your journey to success. Contact us today to learn how we can help you get the most out of your Salesforce investment.

AMERICAS: www.salesforce.com/training
Phone: 1-877-TRAIN10
Email: educationcoordinator@salesforce.com

ASIA/PACIFIC: www.salesforce.com/au/training
Phone: 1-800-789-984
Email: apactraining@salesforce.com

EMEA: www.salesforce.com/eu/training
Email: trainingemea@salesforce.com

/salesforcetrailhead @trailhead