| Topic 1: Identity and Single Sign-On | 30% | - Accepting Third-Party Identity in Salesforce
- 1. Given a scenario, recommend the appropriate method of SAML initiation to fulfill the requirements (SP-init, IdP-init)
- 2. Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept Third-Party Identity (Enterprise Directory, Social, Community, etc.)
- 3. Describe the components of an identity management solution where Salesforce is accepting identity from a third party
- 4. Describe the components of a Delegated Authentication solution
- 5. Describe the risks of implementing delegated authentication
- Identity Management Concepts
- 1. Describe the building blocks that are part of an identity solution (authentication, authorization, and accountability) and how you enable those building blocks using Salesforce features
- 2. Describe common authentication patterns and understand the differences between each one
- 3. Describe how trust is established between two systems
- 4. Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on (SSO) solution (SAML, OAuth, etc.)
- 5. Given a scenario, recommend the appropriate method for provisioning users in Salesforce
- Salesforce as an Identity Provider
- 1. Describe the role(s) Connected Apps play when Salesforce needs to provide identity to a third-party system
- 2. Given a scenario, determine the most appropriate flow type to recommend when implementing an OAuth solution where Salesforce is providing identity to a third party (User-Agent, Web Server, JWT, etc.)
- 3. Describe the various implementation concepts of OAuth (scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.)
- 4. Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.)
|
| Topic 2: Access Management | 30% | - Community (Partner and Customer)
- 1. Given a scenario, determine the appropriate method for provisioning external users (self-registration, just-in-time, etc.)
- 2. Given a scenario, recommend the appropriate authentication mechanism for community users
- 3. Describe the capabilities and limitations of identity verification for external users
- 4. Describe the role of community licenses in identity and access management
- Salesforce Identity
- 1. Describe the role(s) Identity Connect plays in an Identity Management solution
- 2. Given a scenario, recommend the most appropriate Salesforce license type(s) to support the identity requirements
|
| Topic 3: Security and Compliance | 25% | - Security Best Practices
- 1. Describe how to audit and monitor identity-related activities
- 2. Given a scenario, recommend security controls to protect identity and access solutions
- 3. Describe the security capabilities of the Salesforce Platform related to identity and access management
- Access Management Best Practices
- 1. Given a scenario, identify the risks and mitigation strategies that session security and Two-Factor Authentication enable (High Assurance Sessions, 2FA, etc.)
- 2. Describe the risks that Two-Factor Authentication mechanisms aim to mitigate
- 3. Given a scenario, determine the most appropriate Two-Factor Authentication mechanism for an identity solution
|