Salesforce Identity-and-Access-Management-Architect Exam With Confidence Using Practice Dumps

For an Experience Cloud site that uses Salesforce as the identity provider, the supported login experiences are the standard page types intended for authentication. Salesforce supports a Login Discovery page, which helps identify the user and route them appropriately, and an Embedded Login page, which allows the login experience to be embedded into a branded front-end. These are purpose-built for sign-in scenarios. By contrast, a generic Experience Builder content page or a Lightning Experience page is not the same thing as a supported login page type for the site’s authentication flow. The important distinction in Salesforce documentation is between pages designed for site content and pages designed to participate directly in the authentication journey. This is why options A, C work together as the correct solution.

Salesforce’s user-agent flow implements the OAuth 2.0 implicit grant model for browser-based or mobile applications that obtain authorization through a browser. In that flow, the client uses a client ID and requests specific scopes. The user authorizes the app, and the resulting token is delivered through the browser-based redirect. In Salesforce identity examples, refresh-related behavior is often part of the mobile discussion, while an authorization code is not a characteristic of the implicit model. That is the key concept to remember: implicit or user-agent flow is centered on browser-mediated authorization without a back-end code exchange. So the valid concepts align with client identity and requested access, not with the server-side authorization-code step used in the web server flow. This is why options A, B, E work together as the correct solution.

The Identity Only license is designed for users who need Salesforce Identity services without broad CRM object access. Salesforce documentation positions it for scenarios where employees or other internal users need to authenticate with Salesforce credentials and access connected applications, but they do not require the full set of standard Salesforce business objects. That makes it a good fit for benefits portals, employee hubs, or third-party workforce apps that rely on Salesforce for identity rather than for CRM usage. External Identity is aimed at external audiences such as customers or partners, while Identity Connect is synchronization software rather than an end-user license. The licensing decision follows the user population and the scope of application access more than the authentication protocol itself. This is why option A is the best answer in Salesforce terms.