The Salesforce architect exams are some of the most rewarding and interesting exams to get. I really enjoy them because they offer a rare chance to dive very deep into a specific area of the platform. These can expand your capabilities within Salesforce, and provide you valuable understanding as you progress your career towards Technical Architect. This is the study guide for the Identity and Access Management Designer certification exam.
Each of these exams has a study guide (like all other certifications), as well as a resource guide which has linked articles, Trailhead modules, documentation and more. To get the most out of those guides, I have written down some important areas to study and understand. If you understand the concepts below, you’ll do well on your exam.
Identity and Access Management Designer
The Salesforce Identity and Access Management Designer exam focuses on your understanding of how access is controlled using external authentication providers, as well as using Salesforce as the authentication provider. You need to know how the systems talk to each other, the different ways authentication can be passed, and how to manage the security of your org(s).
For me, this was the hardest of all of the architect exams. This test deals with a lot of non-Salesforce principles and practices. If you have spent time working with authentication and security in your current or previous roles, it may not be as difficult. I had to take this test a few times, as well as spend a good amount of time learning about concepts outside of my normal job responsibilities.
Salesforce uses the OAuth protocol to safely access information without passing login credentials. This article speaks about configuring SSO, and this one speaks about best practices. It is important to review those best practice considerations.
Active Directory – Salesforce Identity Connect
It is important to understand Identity Connect and the relationship Active Directory has in the modern enterprise landscape. Mapping requirements is a key part of this process.
Identity Provider vs. Service Provider
Given an authentication scenario, you will be asked to determine which system is the identity provider, and which system is the service provider. The key to these questions is determining the platform that ultimately authenticates the users credentials.
Two Factor Authentication
Know what options are available for 2FA natively from Salesforce, as well as the AppExchange. Also understand when you would recommend a 2FA step to an organization.
Know what just in time provisioning is, and for what use case(s) it may be appropriate.
Canvas Apps and SAML SSO
Understanding how SAML SSO can authenticate into your canvas apps.
When working with multiple orgs, understand the SSO capabilities and limitations.
What tokens exist within different authentications scenarios? How is security handled in these scenarios?