Salesforce Identity-and-Access-Management-Architect Exam With Confidence Using Practice Dumps

Salesforce Experience Cloud includes out-of-the-box branding options for login and registration experiences, and those can be extended through Experience Builder for related pages such as forgot-password and reset-password journeys. The standard site administration and branding controls can cover logos, colors, and certain visual treatments of the login page. Where the business wants branded password-management pages as well, Experience Builder is the supported way to build those experiences consistently. That is better than creating fully custom pages for everything unless the requirement truly goes beyond what the platform supports. The architecture point is to use the built-in branding framework first and extend through Experience Builder where branded identity pages are needed. This is why options A, D work together as the correct solution.

The Identity Only license is designed for users who need Salesforce Identity services without broad CRM object access. Salesforce documentation positions it for scenarios where employees or other internal users need to authenticate with Salesforce credentials and access connected applications, but they do not require the full set of standard Salesforce business objects. That makes it a good fit for benefits portals, employee hubs, or third-party workforce apps that rely on Salesforce for identity rather than for CRM usage. External Identity is aimed at external audiences such as customers or partners, while Identity Connect is synchronization software rather than an end-user license. The licensing decision follows the user population and the scope of application access more than the authentication protocol itself. This is why option A is the best answer in Salesforce terms.

For fine-grained delegated access and long-lived sessions, the Authorization Code flow is the strongest mainstream OAuth choice. It supports user consent, server-side token exchange, and refresh-token issuance in the patterns Salesforce documents for confidential applications. Client Credentials is for app-to-app integration without a user context, and Implicit/User-Agent is less suitable for strong control and durable token management. Username-password is a special-case flow that trades off security and user experience. The reason this matters architecturally is that the authorization code pattern separates user authentication from token exchange and allows the client to keep secrets securely on the server side. That is why it remains the preferred model for robust delegated access to protected Salesforce resources. This is why option B is the best answer in Salesforce terms.