Free Salesforce Identity-and-Access-Management-Architect Exam Questions

Become Salesforce Certified with updated Identity-and-Access-Management-Architect exam questions and correct answers

Page: 1 / 50

Total 250 Questions | Updated On: Mar 11, 2026

Add To Cart

Question 1

An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?

A : Ensure the Callback URL is correctly set in the Connected Apps settings.

B : Use a browser that has an add-on/extension that can inspect SAML.

C : Paste the SAML Assertion Validator in Salesforce.

D : Use the browser-s Development tools to view the Salesforce page-s markup.

Answer: B,C

Question 2

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers

can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also

leveraging the App Launcher to let customers access an of platform application for generating shipping labels.

The label generator application uses OAuth to provide users access. What license type should an Architect

recommend for the customers?

A : Customer Community license

B : Identity license

C : Customer Community Plus license

D : External Identity license

Answer: B

Question 3

Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org

for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and

Customer Community licenses in all orgs.

Customers of UC use Community to track orders and create inquiries. Customers also tend to move across

regions frequently.

What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

A : Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.

B : Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

C : Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.

D : Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.

Answer: C

Question 4

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in

the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application

support teams to finish user deactivations. A terminated employee recently was able to login to NTO's

Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP

directory.

What should an identity architect recommend to prevent this from happening in the future?

A : Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

B : Configure an authentication provider to delegate authentication to the LDAP directory.

C : use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

D : Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Answer: B

Question 5

Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

A : Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.

B : Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.

C : Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.

D : Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO.

Answer: A

Page: 1 / 50

Total 250 Questions | Updated On: Mar 11, 2026

Add To Cart