Salesforce Identity & Access Management Architect Exam Guide

The Salesforce Identity and Access Management Architect Exam is a comprehensive assessment designed to evaluate a candidate's knowledge and skills in the field of identity and access management within the Salesforce ecosystem. This exam is specifically tailored for professionals who specialize in designing and implementing secure and efficient access management solutions on the Customer 360 platform. The program aims to validate the candidate's ability to assess identity architecture, articulate system design considerations, and apply best practices for identity and access management in Salesforce implementations.

​

The exam consists of multiple-choice questions that cover various topics related to identity architecture, integration, authentication, and general best practices in identity and access management. Candidates are expected to demonstrate their understanding of designing identity architectures that span multiple platforms, as well as their ability to effectively communicate technical solutions to both business and technical stakeholders. The exam is a rigorous test that assesses the candidate's proficiency in applying industry standards and best practices to Salesforce implementations.

​

To prepare for the Salesforce Identity and Access Management Architect Exam, candidates are recommended to have hands-on experience working with identity architecture and access management in the Salesforce ecosystem. Additionally, Salesforce provides training resources and documentation to enhance the candidate's knowledge and skills in the subject area. By combining practical experience, training courses, and self-study, candidates can maximize their chances of success in the exam and obtain the Salesforce Certified Identity and Access Management Architect credential.

 

Who is it for

The Salesforce Certified Identity and Access Management credential is designed for identity professionals. It is intended for individuals who have expertise and experience in assessing identity architecture, designing secure and high-performance access management solutions on the Customer 360 platform, and effectively communicating technical solutions to both business and technical stakeholders. This certification validates the knowledge, skills, and capabilities of identity professionals in the field of identity and access management, particularly in the context of Salesforce implementations.

​

The credential is suitable for professionals who work in roles such as Identity Architects, Identity Managers, Identity Engineers, or any other related positions involved in designing and implementing identity and access management solutions. It is ideal for individuals who want to demonstrate their proficiency in designing identity architectures that may span multiple platforms, integrating authentication across systems, and applying best practices for identity and access management in Salesforce implementations.

​

In summary, the Salesforce Certified Identity and Access Management credential is targeted towards identity professionals who possess the necessary knowledge, skills, and experience in identity architecture, access management, and Salesforce implementations.

​

Key capabilities expected from the candidate include:

1. Expertise in Designing and Implementing IAM Solutions: The candidate should have a solid understanding of identity and access management principles and be capable of designing and implementing secure IAM solutions on the Salesforce Customer 360 platform. They should be able to assess business requirements, gather system requirements, and design IAM architectures that span multiple platforms while ensuring integration and authentication across systems.

2. Knowledge of Identity Federation and Authentication Standards: The candidate should be well-versed in identity federation concepts and have a deep understanding of authentication standards such as SAML, OAuth, and OpenID Connect. They should be able to explain the high-level concepts and flows of these protocols, differentiate between Federated and Delegated Single Sign-On, and understand the establishment of trust between Identity Providers and Service Providers.

3. Proficiency in Salesforce Configuration and Integration: The candidate should possess hands-on experience configuring various IAM features and functionalities within Salesforce. This includes setting up delegated authentication, configuring SAML for Single Sign-On, implementing Social Sign-On, and understanding authentication mechanisms for Communities. They should also be familiar with user lifecycle management techniques, including automated provisioning, just-in-time provisioning, and manual account creation.

4. Understanding of Security Best Practices: The candidate should have a strong grasp of security best practices and their relevance to enterprise security. This includes knowledge of Two-Factor Authentication (2FA) and strategies for implementing it in Salesforce to enhance security. They should also understand the importance of a solid Single Sign-On (SSO) strategy and be able to identify and resolve common failure conditions for SSO in Salesforce.

5. Ability to Communicate and Collaborate: As an architect, effective communication and collaboration skills are crucial. The candidate should be capable of articulating complex technical solutions to both business and technical stakeholders, ensuring clear understanding and alignment. They should be able to gather requirements, assess risks, and make recommendations for identity architecture and access management solutions effectively.

​

Overall, a Salesforce Certified Identity and Access Management Architect is expected to demonstrate expertise in designing and implementing secure IAM solutions, possess in-depth knowledge of authentication standards and Salesforce configuration, and showcase strong communication and collaboration skills.

​

Purpose of this Exam Guide

The purpose of this Exam Guide is to provide candidates with a comprehensive resource to evaluate their readiness to pass the Salesforce Certified Identity and Access Management Architect exam. It serves as a roadmap for candidates to understand the content and objectives of the exam, as well as the recommended training and documentation that can aid in their preparation.

​

The Exam Guide aims to inform candidates about the target audience for the certification, which in this case, includes identity professionals who want to demonstrate their knowledge, skills, and capabilities in assessing identity architecture, designing secure access management solutions on the Salesforce Customer 360 platform, and effectively communicating technical solutions to both business and technical stakeholders.

​

Additionally, the Exam Guide emphasizes the importance of a combination of on-the-job experience and self-study in preparing for the exam. It highlights that candidates can maximize their chances of success by gaining practical experience in designing and implementing IAM solutions and supplementing it with self-study using the recommended training materials and documentation.

​

Overall, the purpose of this Exam Guide is to provide candidates with the necessary information and resources to assess their readiness, understand the scope of the exam, and prepare effectively to achieve a passing score in the Salesforce Certified Identity and Access Management Architect certification exam.

 

About the Exam

• Exam Format: The Salesforce Identity & Access Management Architect exam consists of multiple-choice and multiple-select questions. You will be presented with 60 such questions to assess your knowledge and skills in identity and access management solutions on the Salesforce Customer 360 platform.

• Time Allotted: You will have a total of 120 minutes to complete the exam. It is important to manage your time effectively to carefully read and respond to each question.

• Passing Score: To obtain the Salesforce Identity & Access Management Architect certification, you must achieve a minimum passing score of 67%. This score indicates your proficiency in identity and access management concepts and your ability to apply them within the Salesforce ecosystem.

• Registration Fee: The registration fee for the exam is USD 400, plus applicable taxes as required by local law. This fee covers the administrative costs associated with the exam registration process.

• Retake Fee: In case you do not pass the exam on your first attempt, a retake fee of USD 200, plus applicable taxes as required per local law, will be applicable for subsequent attempts.

• Delivery Options: The exam can be taken either in a proctored setting at a designated testing center or in an online proctored environment. The online proctored option allows you to take the exam remotely, providing flexibility and convenience.

​

By understanding these key details, you can adequately prepare for the Salesforce Identity & Access Management Architect exam. It is recommended to thoroughly study the exam objectives, gain hands-on experience, explore relevant training materials, and utilize additional resources to enhance your knowledge and skills in identity and access management solutions on the Salesforce Customer 360 platform.

 

Recommended Training and References

To prepare for the exam, Salesforce recommends a combination of hands-on experience, training courses, Trailhead trails, and self-study. The following resources are recommended for self-study:

1. Trailmix: Architect Journey: Identity and Access Management - This Trailmix on Trailhead provides a comprehensive learning path specifically designed for aspiring Identity & Access Management Architects. It covers various topics related to identity architecture, access management solutions, authentication mechanisms, user lifecycle management, and more. Completing this Trailmix will help you build a strong foundation of knowledge for the exam.

​

Additionally, you may consider the following resources as part of your preparation:

1. Salesforce Documentation - The official Salesforce documentation provides in-depth information about identity and access management features, best practices, and implementation guidelines on the Salesforce platform. Explore the Salesforce Help & Training documentation related to Identity and Access Management to deepen your understanding of the concepts and technologies involved.

2. Training Courses - Salesforce offers training courses that can help you gain the necessary knowledge and skills for the exam. Consider enrolling in courses such as "Identity and Access Management Architect" or any other relevant courses available in the Salesforce training catalog. These courses provide guided instruction and hands-on exercises to enhance your understanding of identity and access management in the Salesforce ecosystem.

​

Remember to practice hands-on experience by working on real-world projects and scenarios related to identity and access management. This practical experience will further strengthen your skills and help you apply the concepts learned during your study.

​

By combining these recommended resources with your hands-on experience, you can effectively prepare for the Salesforce Identity & Access Management Architect exam and increase your chances of success.

 

Exam Outline

The Salesforce Identity and Access Management Architect exam evaluates a candidate's knowledge and skills in various areas related to identity management and access control. The exam objectives and their respective weightings are as follows:

Identity Management Concepts: 17%

• Understand and differentiate common authentication patterns.

• Describe the building blocks of an identity solution and how to enable them using Salesforce features.

• Explain how trust is established between two systems.

• Recommend the appropriate user provisioning method in Salesforce.

• Troubleshoot common points of failure in single sign-on solutions.

Accepting Third-Party Identity in Salesforce: 21%

• Identify when Salesforce is used as a Service Provider.

• Recommend the appropriate way to provision users from identity stores in B2E and B2C scenarios.

• Determine the suitable authentication mechanism when Salesforce accepts third-party identity.

• Identify user provisioning methods to enable SSO and apply access rights.

• Describe auditing and monitoring approaches and diagnostic tools for diagnosing IdP issues.

Salesforce as an Identity Provider: 17%

• Identify the most appropriate OAuth flow in different scenarios.

• Recommend the scope and configuration of the connected app for authorization.

• Describe the implementation concepts of OAuth.

• Recommend Salesforce technologies for providing identity to third-party systems.

Access Management Best Practices: 15%

• Determine appropriate methods of multi-factor authentication based on requirements.

• Assign roles, profiles, and permission sets during the SSO process and keep them up to date.

• Apply tools for auditing and verifying user activity during and after login.

• Identify configuration settings for a Connected app.

Salesforce Identity: 12%

• Understand the role of Identity Connect in a Salesforce Identity implementation.

• Determine if Salesforce Customer 360 Identity fits into a Customer 360 solution.

• Recommend the most appropriate Salesforce license type(s) based on requirements.

Community (Partner and Customer): 18%

• Describe customization capabilities for the user experience in Experience Cloud.

• Determine the best way to support external identity providers in communities and leverage the appropriate user/contact model.

• Understand the advantages and limitations of External Identity solutions and associated licenses.

• Identify when to use embedded login in a scenario.

​

The exam consists of multiple-choice questions and the passing score is set at 65%. Candidates are recommended to have hands-on experience, complete relevant training courses, and study the exam objectives to increase their chances of success.