idam2

Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAML) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website. Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?. Connected Apps. Identity Connect. Delegated Authentication. Embedded Login.

Users logging into Salesforce are frequently prompted to verify their identity. The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced. What should the identity architect recommend to meet the requirement?. Implement 2FA authentication for the Salesforce org. Implement an single sign-on for Salesforce using an external identity provider. Set trusted IP ranges for the organization. Implement multi-factor authentication for the Salesforce org.

Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials. The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically. Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?. Third-party AppExchange solution. Custom login flow and Apex handler. Custom middleware and web services. Just-in-Time (JIT) provisioning.

An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce. What is the probable cause of this behaviour?. The administrator forgot to reset the new user's salesforce password. The Federation ID field on the new user records is not correctly set. The my domain capability is not enabled on the new user's profile. The new users do not have the SSO permission enabled on their profiles.

Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?. Create an After Insert Apex trigger on the user object to assign specific custom permissions. Create separate login flows corresponding to the different community user personas. Modify the Community pages to utilize specific fields on the User and Contact records. Modify the existing Communities registration controller to assign different profiles.

Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers. As part of the body of a Salesforce Knowledge article. In the mobile navigation menu on Salesforce for Android. The sidebar of a Salesforce Console as a console component. Included in the Call Control Tool that's part of Open CT.

Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy. Which two options should an architect recommend to UC? Choose 2 answers. Use a professional social media such as LinkedIn as an Authentication provider. Build a custom web page that uses the identity store and calls frontdoor.jsp. Build a custom Web service that is supported by Delegated Authentication. Implement the Openid protocol and configure an Authentication provider.

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?. Customer Community license. Identity license. Customer Community Plus license. External Identity license.

Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers. The Federation ID must be a valid Salesforce Username. The Federation ID must is case sensitive. The Federation ID must be in the form of an email address. The Federation ID must be populated on the user record.

Universal containers uses an Employee portal for their employees to collaborate. employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?. Identity store. Authentication store. Identity provider. Service provider.

Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?. Id. Web. Api. Custom permissions.

Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers. Configure the Embedded Web Browser to use My Domain URL. Configure the Salesforce1 App to use the MY Domain URL. Use the existing SAML-SSO flow along with User Agent Flow. Use the existing SAML SSO flow along with Web Server Flow.

which three are features of federated Single Sign-on solutions? Choose 3 answers. It federates credentials control to authorized applications. It establishes trust between Identity store and service provider. It solves all identity and access management problems. It improves affiliated applications adoption rates. It enables quick and easy provisioning and deactivating of users.

Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.

Universal containers (UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers. Use the existing SAML SSO flow along with user agent flow. Configure the embedded Web browser to use my domain URL. Use the existing SAML SSO flow along with Web server flow. Configure the salesforce1 app to use the my domain URL.

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce. What should be done to fulfill the requirement? Choose 2 answers. Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion. Setup Salesforce as an identity provider (IdP) for Order Tracking. Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking. Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities. Which Salesforce OAuth authorization flow should be used?. OAuth 2.0 Device Flow. OAuth 2.0 JWT Bearer Flow. OAuth 2.0 User-Agent Flow. OAuth 2.0 Asset Token Flow.

An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs. Which Salesforce OAuth authorization flow should be used?. OAuth 2.0 JWT Bearer Flow. SAML Assertion Flow. OAuth 2.0 SAML Bearer Assertion Flow. OAuth 2.0 User-Agent Flow.

The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience. What should be used and considered before recommending it as a solution on the Salesforce Platform?. Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues. Salesforce REST APIs. Ensure that Secure Sockets Layer (SSL) connection for the integration is used. OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on. Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.

Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers. How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?. Configure a single sign-on setting and a registration handler for each social sign-on provider. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider. Configure a single sign-on setting and a JIT handler for each social sign-on provider. Configure an authentication provider and a registration handler for each social sign-on provider.

A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal. Which two features should be utilized to provide users with login and identity services for the third-party application? Choose 2 answers. Use Delegated Authentication. Use the App Launcher with single sign-on (SSO). External a Data source with Named Principal identity type. Use a connected app.

Northern Trail Outfitters (NTO) has an existing business-to-consumer (B2C) website that that does NOT support single sign on standards, such as Security Assertion Markup Language (SAML) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website. Which three Salesforce features should an Identity architect use in order to provide social sign-in capabilities for the website? Choose 3 answers. Delegated Authentication. Connected Apps. Authentication Providers. Embedded Login. Identity Connect.

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?. Require the use of Salesforce security tokens on passwords. Enforce mutual authentication between systems using SSL. Include Client Id and Client Secret in the login header callout. Set up a proxy service for the login service in the DMZ.

An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage. What is recommended to fulfill this requirement with the least amount of customization?. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile. Use Login Flows to add a screen that shows personalized alerts. Create custom metadata that stores user alerts and use a LWC to display alerts. Build a Lightning Web Component (LWC) for a homepage that shows custom alerts.

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce. What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce. Build an integration that queries LDAP periodically and creates new active users in Salesforce. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as few passwords as possible. What should an identity architect recommend?. Setup Salesforce as an Authentication Provider to the existing IdP. Use Salesforce connect to synchronize LDAP passwords to Salesforce. Setup Salesforce as an IdP to authenticate against the LDAP directory. Setup Salesforce as a Service Provider to the existing IdP.

A large consumer company is planning to create a community and will require login through the customers social identity. The following requirements must be met: 1. The customer should be able to login with any of their social identities, however Salesforce should only have one user per customer. 2. Once the customer has been identified with a social identity, they should not be required to authorize Salesforce. 3. The customers personal details from the social sign on need to be captured when the customer logs into Salesforce using their social identity. 3. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce. Which two options allow the Identity Architect to fulfill the requirements? Choose 2 answers. Redirect the user to a custom page that allows the user to select an existing social identity for login. Use the custom registration handler to link social identities to Salesforce identities. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.

Which two things should be done to ensure end users can only use single sign-on (SSO) to login in to Salesforce? Choose 2 answers. Request Salesforce Support to enable delegated authentication. Assign user "Is Single Sign-On Enabled" permission via profile or permission set. Once SSO is enabled, users are only able to login using Salesforce credentials. Enable My Domain and select "Prevent login from https://login.salesforce.com.

A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol. What should an identity architect use to fulfill this requirement?. OAuth Tokens. Authentication Providers. Connected App and OAuth Scopes. Canvas App Integration.

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Facebook and Twitter credentials. Which two actions should an identity architect recommend to meet these requirements? Choose 2 answers. Create a custom external authentication provider for Twitter. Configure a predefined authentication provider for Facebook. Configure a predefined authentication provider for Twitter. Create a custom external authentication provider for Facebook.

A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to login to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendation in the community. Which should be used to satisfy this requirement?. Named Credentials. Single Sign-On Settings. Login Flows. OAuth Device Flow.

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type). Which three OAuth concepts apply to this flow? Choose 3 answers. Client ID. Refresh Token. Authorization Code. Scopes. Verification Code.

Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup. What should an identity architect use to show which part of the login assertion is failing?. Connected App Manager. Identity Provider Metadata download. SAML Metadata file importer. Security Assertion Markup Language Validator.

Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign- on (SSO) solution through Salesforce to third party applications using SAML. What role does Salesforce Identity play in its relationship with the enterprise SSO system?. Service Provider (SP). Client Application. Identity Provider (IdP). Resource Server.

A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication. Which three functions meet the Salesforce criteria for secure MFA? Choose 3 answers. Username and password + security key. Certificate-based Authentication. Username and password + SMS passcode. Third-party single sign-on with Mobile Authenticator app. Lightning Login.

Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project. What are two are key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.

Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers. Delegated Authentication will not work with a .net service. Delegated Authentication will continue to work with rest services. Delegated Authentication will continue to work with a .net service. Delegated Authentication will not work with rest services.

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers. Users leaving laptops unattended and not logging out of Salesforce. Users accessing Salesforce from a public Wi-Fi access point. Users choosing passwords that are the same as their Facebook password. Users creating simple-to-guess password reset questions.

Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers. Custom permissions. Api. Refresh token. Full.

Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?. Redirect URI. State. Scope. Callback URI.

Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SS. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SS. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SS.

Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication? Choose 2 answers. Salesforce license for sales users and Identity license for Marketing users. Salesforce license for sales users and External Identity license for Marketing users. Identity license for sales users and Identity connect license for Marketing users. Salesforce license for sales users and platform license for Marketing users.

Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process. Which two considerations should an architect point out to UC? Choose 2 answers. The web application should be hosted on a secure server. The web server must be able to protect consumer privacy. The flow involves passing the user credentials back and forth. The flow will not provide an Oauth refresh token back to the server.

Universal Containers (UC)plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Universal Containers (UC) is building an integration between Salesforce and a legacy web applications using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's Id. Utilize Authorization Providers to allow the third-party appliction to authenticate itself against Salesforce as the Idp. Utilize Canvas OAuth flow to allow the third-party appliction to authenticate itself against Salesforce as the Idp. Create a registration handler Apex class to allow the third-party appliction to authenticate itself against Salesforce as the Idp.

An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers . What SAML SSOsetting in Salesforce provides this capability?. Identity Provider Login URL. Issuer. Entity Id. SAML Identity Location.

Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to loginto salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page . What is the likely cause of the issue?. The "Redirect to Identity Provider" option has been selected in the my domain configuration. The user has not configured the salesforce1 mobile app to use my domain for login. The "Redirect to identity provider" option has not been selected the SAML configuration. The user has not been granted the "Enable single Sign-on" permission.

Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned UC and the UC team that is responsible for it is willing to add new javascript code and/or libraries to the application . What implementation should an Architect recommend to UC?. Create a Canvas app and use Signed Requests to authenticate the users. Rewrite the web application as a set of Visualforce pages and Apex code. Configure the web application as an item in the Salesforce App Launcher. Add the web application as a ConnectedApp using OAuth User-Agent flow.

Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook . Which two role combinations are represented by the systems in the scenario? Choose 2 answers. Google is the service provider and Facebook is the identity provider. Salesforce is the service provider and Google is the identity provider. Facebook is the service provider and salesforce is the identity provider. Salesforce is the service provider and Facebook is the identity provider.

Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?. Ensure that users have the same email value in their user records in all of UC's salesforce orgs. Ensure the same username is allowed in multiple orgs by contacting salesforce support. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.

Containers (UC) has decided to implement a federated single Sign-on solution using a third-party Idp. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlining mechanisms that the UC Architect must ensure are part of the product?. SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning. Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning. Provisioning API for both Provisioning and Deprovisioning. Just-in-Time (JIT) for both Provisioning and Deprovisioning.

Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?. Web Server flow. JWT Bearer Token flow. Username-Password flow. User Agent flow.

Universal containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty data. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose 2 answers. Use open-ended security questions and complex password requirements. Primarily use lookup and picklist fields on the self registration page. Require a captcha at the end of the self-registration process. Use hidden fields populated via java script events in the self-registration page.

Under which scenario Web Server flow will be used?. Used for web applications when server-side code needs to interact with API. Used for server-side components when page needs to be rendered. Used for mobile applications and testing legacy Integrations. Used for verifying Access protected resources.

Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers. Federation ID. Salesforce User ID. User Full Name. User Email Address. Salesforce Username.

Universal containers (UC) has decided to use identity connect as it's identity provider. UC uses active directory (AD) and has a team that is very familiar and comfortable with managing ad groups. UC would like to use AD groups to help configure salesforce users. Which three actions can AD groups control through identity connect? Choose 3 answers. Public Group Assignment. Granting report folder access. Role Assignment. Custom permission assignment. Permission sets assignment.