Salesforce Identity-and-Access-Management-Architect Exam With Confidence Using Practice Dumps

The optimal Salesforce license type for all of the UC employees who will access the custom Innovation platform without logging in with Salesforce credentials is the Salesforce Platform license. The Salesforce Platform license allows users to access custom applications built on the Lightning Platform, such as Apex and Visualforce, and use standard objects such as accounts, contacts, reports, dashboards, and custom tabs. It also supports SSO with a third-party identity provider using SAML. Option A is not a good choice because the Identity license is designed for users who need to access Salesforce Identity features, such as identity provider, social sign-on, and user provisioning, but not for users who need to access custom applications. Option B is not a good choice because the Salesforce license is designed for users who need full access to standard CRM and Lightning Platform features, such as leads, opportunities, campaigns, forecasts, and contracts, but it may be unnecessary or expensive for users who only need to access custom applications. Option C is not a good choice because the External Identity license is designed for users who are external to the organization, such as customers or partners, but not for users who are internal employees.

To enable self-registration for their Salesforce partner community users, UC should modify the communities’ self-registration controller to assign the profile andaccount based on the custom data elements from the partner user1. UC should also configure registration for communities touse a customVisualforce page to capture the custom data elements from the partner user2. Therefore, option A and C are the correct answers.

Thetwo items that an architect should recommend for UC to minimize the administration overhead are:

Enable the “Refresh Tokens is valid until revoked” setting in the Connected App. This setting allows the mobile app to obtain a refresh token from Salesforce when it obtains an access token. A refresh token can be used to obtain a new access token when the previous one expires or becomes invalid. By enabling this setting in the Connected App, UC can reduce the number of login prompts and authentication failuresfor its mobile users, as they can use the refresh token to renew their access without entering their credentials again.

Enable the “All users may self-authorize” setting in the Connected App. This setting allows users to grant access to the mobile app without administrator approval. By enabling this setting in the Connected App, UC can simplify and speed up the deployment process for its mobile app, as they do not need to manually authorize each user or group of users.

The other options are not recommendeditems for this scenario. Enabling the “Enforce IP restrictions” setting in the Connected App would limit the mobile app access to certain IP ranges, which could prevent some users from accessing the app from different locations or networks. Enabling the “High Assurance session required” setting in the Connected App would require users to verify their identity with a second factor before accessing the mobile app, which could increase complexity and inconvenience for users. References: [Connected Apps], [Refresh Token], [All Users May Self-Authorize], [IP Restrictions for Connected Apps], [Require a Second Factor of Authentication for Connected Apps]