A Salesforce Certified Identity and Access Management Architect assesses the environment and requirements to design secure and scalable identity management solutions on the Customer 360 platform. The architect has experience designing and implementing complex identity and access management strategies, as well as communicating the solution and design trade-offs to business and technical stakeholders alike.
The Salesforce Certified Identity and Access Management Architect has the following background:
- 1+ years of experience designing and implementing Identity and Access Management solutions in the Salesforce Customer 360 platform
- 2+ years of identity and/or security technology experience
Typical job roles may include:
- Enterprise Architect
- Technical Architect
- Security Architect
- Integration Architect
- Identity Architect
- Solution Architect
The Salesforce Certified Identity and Access Management Architect candidate has the experience, skills, knowledge, and ability to:
- Understand the difference between Federated and Delegated Single Sign-on
- Gather requirements and configure delegated authentication in Salesforce
- Gather requirements and configure SAML in Salesforce
- Know the difference between Identity Provider Initiated SAML and Service Provider Initiated SAML and when to use each
- Know how trust is established between an Identity Provider and a Service Provider
- Determine the general identity federation capabilities that are available for a given project
- Explain high-level concepts and flows of OAuth, SAML, and OpenID Connect
- Explain Social Sign-On in the context of Salesforce
- Explain authentication mechanisms for Communities
- Identify the cause and resolve common failure conditions for SSO in Salesforce
- Explain why a solid SSO strategy is important for enterprise security
- Know why Two Factor Authentication is important and strategies for implementing it in Salesforce
- Explain the use of Login Flows
- Determine the applicable use cases for Identity Connect
- Determine appropriate user lifecycle management techniques (automated user provisioning, just-in-time provisioning, manual account creation, etc.) for a given project
A candidate for this exam will likely need assistance in:
- Writing Apex
- Networking and domain management as it relates to Identity
- Configuring Salesforce for automated user lifecycle management via user provisioning and Connected Apps (click path)
- Configuring Salesforce to support Social Sign-On and Registration (click path)
A candidate for this exam is not expected to know:
- Specific IDP technology capabilities outside of Salesforce
- How to obtain signed certificates