Salesforce Identity and Access Management Designer Exam!

I recently passed the Salesforce Identity and Access Management Designer certification exam. It was probably one of the most challenging ones in the domain architect track list. In the past I did a couple of SSO implementations for mobile apps and Salesforce integration projects, but still felt that the content was all relatively new.

Credential Overview:

A Salesforce Certified Identity and Access Management Designer is able to assess the environment and requirements to design secure and scalable identity management solutions on the Force.com platform. The designer has experience designing and implementing complex identity and access management strategies, as well as communicating the solution and its design trade-offs to business and technical stakeholders alike.

Study Material:

Study Guide – (Spring ’17)

The certification is centered on the following:

  1. Identity i.e. authentication
  2. Access Management i.e. authorization

Study the following topics:

  1. Identity Provider vs Service Provider:
    • IdP (Identity Provider) is the system that holds the user accounts and authenticates users
    • SP (Service Provider) trusts the IdP for authentication (and for the attributes it uses for authorization) and provides the service or data the user requested
  2. Review and understand the following OAuth flows, and be able to identify which flow fits best in a given scenario:
    • Username-password flow
    • Web server flow (authorization code)
    • User-agent flow (implicit)
    • JWT Bearer Token flow (server-to-server, signed assertion, no user interaction)
    • SAML Bearer Assertion flow
    • Web SSO SAML Assertion flow
  3. OpenID Connect:
    • what it is and how to use it (an identity layer on top of OAuth 2.0 that returns an id_token alongside the access token)
  4. Connected App:
    • understanding of the OAuth scopes such as Chatter API (chatter_api), Custom Permissions (custom_permissions), Refresh Token / Offline Access (refresh_token, offline_access), OpenID (openid), etc.
  5. Canvas:
    • Authentication methods – Signed Request (POST) and OAuth 2.0 web server flow (GET)
    • SSO integration with Force.com Canvas – IdP-initiated and SP-initiated
  6. SSO Configuration:
    • SSO models – Delegated authentication, Auth. Providers, Federated authentication (SAML)
  7. My Domain:
    • when it is required – for instance, SP-initiated SAML SSO needs My Domain, because the user must land on your own domain for Salesforce to know which SSO settings to apply
    • when it is not – for instance, IdP-initiated SSO works without My Domain, since the IdP posts the assertion straight to the Salesforce login URL
  8. Licenses
    • Identity License
    • External Identity License
    • Platform License
  9. Identity Connect:
    • capabilities of Identity Connect such as user synchronization from Active Directory and assigning/unassigning users to profiles, permission sets, roles and public groups
  10. User Provisioning
    • Just-in-Time (JIT) Provisioning
  11. App Launcher:
    • controls the visibility of the apps available to individual users based on profile/permission set
  12. Deep Linking:
    • SP-initiated SSO via deep linking
    • RelayState
    • Start URL
  13. Two-Factor Authentication (2FA)
  14. Security:
    • IP restrictions – IP relaxation settings on the connected app (e.g. for the Salesforce1 mobile app), combined with 2FA
    • High assurance session required to access certain features
    • biometric device/app as a strong second factor
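The Canvas signed request (topic 5) is the one item above where the SP-side check is easy to get wrong, so here is an added example, written for this post and not taken from it or from Salesforce's Canvas SDK. It assumes the documented signed_request layout: a Base64 HMAC-SHA256 signature, a period, then the Base64-encoded JSON envelope, with the HMAC keyed by the connected app's consumer secret and computed over the Base64 text of the envelope. The consumer secret, the envelope contents and the helper names (build_signed_request, verify_signed_request, tamper_with_token) are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed values for the example: a real consumer secret comes from the
# connected app in Setup, and a real envelope is built by Salesforce.
CONSUMER_SECRET = "0123456789abcdef0123456789abcdef"  # constructed, not a real secret
SAMPLE_ENVELOPE = {  # constructed subset of the fields Salesforce sends
    "algorithm": "HMACSHA256",
    "issuedAt": 1490000000000,
    "userId": "005000000000001AAA",
    "client": {
        "oauthToken": "00D000000000001!constructed.token",
        "instanceUrl": "https://example.my.salesforce.com",
    },
}


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _mac(consumer_secret: str, encoded_envelope: str) -> bytes:
    # HMAC-SHA256 keyed with the consumer secret, over the Base64 text of the envelope
    return hmac.new(consumer_secret.encode("utf-8"),
                    encoded_envelope.encode("ascii"), hashlib.sha256).digest()


def build_signed_request(envelope: dict, consumer_secret: str) -> str:
    """Mimic what Salesforce POSTs as signed_request: <b64 signature>.<b64 envelope>."""
    encoded_envelope = _b64(json.dumps(envelope, separators=(",", ":")).encode("utf-8"))
    return _b64(_mac(consumer_secret, encoded_envelope)) + "." + encoded_envelope


def verify_signed_request(signed_request: str, consumer_secret: str) -> Optional[dict]:
    """Return the envelope only if the signature verifies, else None.
    Nothing in the envelope (OAuth token, user id, instance URL) is trustworthy
    before this check passes."""
    if signed_request.count(".") != 1:
        return None
    encoded_signature, encoded_envelope = signed_request.split(".")
    try:
        provided = base64.b64decode(encoded_signature, validate=True)
        envelope_bytes = base64.b64decode(encoded_envelope, validate=True)
    except ValueError:  # binascii.Error is a ValueError: malformed Base64
        return None
    # Constant-time comparison: a plain == would leak timing information
    if not hmac.compare_digest(_mac(consumer_secret, encoded_envelope), provided):
        return None
    try:
        envelope = json.loads(envelope_bytes)
    except ValueError:
        return None
    if not isinstance(envelope, dict) or envelope.get("algorithm") != "HMACSHA256":
        return None
    return envelope


def tamper_with_token(signed_request: str, new_token: str) -> str:
    """Simulate an attacker rewriting the envelope without knowing the secret."""
    encoded_signature, encoded_envelope = signed_request.split(".")
    envelope = json.loads(base64.b64decode(encoded_envelope))
    envelope["client"]["oauthToken"] = new_token
    return encoded_signature + "." + _b64(
        json.dumps(envelope, separators=(",", ":")).encode("utf-8"))


if __name__ == "__main__":
    sr = build_signed_request(SAMPLE_ENVELOPE, CONSUMER_SECRET)
    print("valid signature :", verify_signed_request(sr, CONSUMER_SECRET) is not None)
    print("wrong secret    :", verify_signed_request(sr, "not-the-secret"))
    print("tampered token  :", verify_signed_request(tamper_with_token(sr, "attacker"), CONSUMER_SECRET))
```

The point of the tampered case is that the envelope carries the OAuth token and instance URL the Canvas app will use for API calls, so an app that decodes the envelope without verifying the HMAC is trusting whatever the browser sent. A production check should additionally bound issuedAt to reject replayed requests.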

The topics mentioned above should cover you well for the exam. I referred to the following documents, blogs and webinars for my exam preparation:

Hope this helps. Good Luck!
