Exam Integration-Architect Topic 4 Question 122 Discussion
Actual exam question for Salesforce's Integration-Architect exam
Question #: 122
Topic #: 4
Question #: 122
Topic #: 4
A large consumer goods manufacturer operating in multiple countries is planning to implement Salesforce for its sales and support operations globally. The Manufacturer has the following security requirements:
* Internal users from each country have to be authenticated with their local active directory.
* Customers can create their own login or use Google login.
* Partners have to be authenticated through a central system which is to be determined.
* Internal users will have access to the central Enterprise Resource Planning (ERP) with their credentials maintained in the ERP system.
* Additional internal systems will be integrated with Salesforce for sales and support business processes.
Which requirement should the integration architect evaluate while designing the integration needs of this project?
* Internal users from each country have to be authenticated with their local active directory.
* Customers can create their own login or use Google login.
* Partners have to be authenticated through a central system which is to be determined.
* Internal users will have access to the central Enterprise Resource Planning (ERP) with their credentials maintained in the ERP system.
* Additional internal systems will be integrated with Salesforce for sales and support business processes.
Which requirement should the integration architect evaluate while designing the integration needs of this project?
Suggested Answer: C Vote an answer
Managing identity across a global enterprise with diverse user personas (Employees, Customers, Partners) requires a centralized Identity and Access Management (IAM) strategy. In a landscape involving multiple local Active Directories, social logins (Google), and a central ERP system, attempting to manage authentication natively within Salesforce or through custom-built local silos would result in high technical debt and security vulnerabilities.
The architect should recommend a third-party Single Sign-On (SSO) solution, acting as a central Identity Provider (IdP). This IdP serves as the orchestration layer for all authentication requests.
* For Internal Users: The IdP can federate with the various local Active Directories, allowing users to log in with their existing corporate credentials.
* For Customers: The IdP can handle "Social Sign-On" (OpenID Connect) with Google and manage self-registration.
* For Partners: It provides the "central system" required for their authentication.
By using a central SSO solution, Salesforce acts as a Service Provider (SP). When a user attempts to access Salesforce, the request is redirected to the IdP via the SAML 2.0 or OpenID Connect protocol. Once the IdP validates the user against the appropriate backend (AD, Google, or its own directory), it sends a secure assertion back to Salesforce to grant access.
Furthermore, this central IdP can facilitate access to the ERP system and other internal systems. If these systems support SAML, the same SSO session used for Salesforce can be extended to them, providing a true single sign-on experience. This architecture centralizes security auditing, simplifies user de-provisioning (the
"kill switch" effect), and ensures a consistent user experience across the global manufacturing landscape.
Implementing a thir2d-party IdP is the industry-standard approach for complex integrations where security, scalabi3lity, and multi-protocol support are primary requirements.
The architect should recommend a third-party Single Sign-On (SSO) solution, acting as a central Identity Provider (IdP). This IdP serves as the orchestration layer for all authentication requests.
* For Internal Users: The IdP can federate with the various local Active Directories, allowing users to log in with their existing corporate credentials.
* For Customers: The IdP can handle "Social Sign-On" (OpenID Connect) with Google and manage self-registration.
* For Partners: It provides the "central system" required for their authentication.
By using a central SSO solution, Salesforce acts as a Service Provider (SP). When a user attempts to access Salesforce, the request is redirected to the IdP via the SAML 2.0 or OpenID Connect protocol. Once the IdP validates the user against the appropriate backend (AD, Google, or its own directory), it sends a secure assertion back to Salesforce to grant access.
Furthermore, this central IdP can facilitate access to the ERP system and other internal systems. If these systems support SAML, the same SSO session used for Salesforce can be extended to them, providing a true single sign-on experience. This architecture centralizes security auditing, simplifies user de-provisioning (the
"kill switch" effect), and ensures a consistent user experience across the global manufacturing landscape.
Implementing a thir2d-party IdP is the industry-standard approach for complex integrations where security, scalabi3lity, and multi-protocol support are primary requirements.
by Vivian at Jul 16, 2026, 01:49 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).