Salesforce - Priscilla Hong

• Content: 60 multiple-choice/multiple-select questions and up to five non-scored questions 
• Time allotted to complete the exam: 120 minutes
• Passing score: 67%
• Version: Exam questions align to the Summer '23 release
• Registration fee: US$400, plus applicable taxes as required per local law
• Retake fee: $200, plus applicable taxes as required per local law
• Delivery options: Proctored exam delivered onsite at a testing center or in an online proctored environment; click here for information on scheduling an exam.
• References: No hard-copy or online materials may be referenced during the exam.
• Prerequisite: None

Exam Outline

Trailhead Exam Guideline

Identity Management Concepts: 17%

• Describe common authentication patterns and understand the differences between each one.
• Describe the building blocks that are part of an identity solution (authentication, authorization, and accountability) and how you enable those building blocks using Salesforce features.
• Describe how trust is established between two systems.
• Given a scenario, recommend the appropriate method for provisioning users in Salesforce.
• Given a scenario, troubleshoot common points of failure that may be encountered in a single sign-on (SSO) solution (SAML, OAuth, etc.).

Accepting Third-Party Identity in Salesforce: 21%

• Given a use case, describe when Salesforce is used as a Service Provider (SP).
• Given a scenario, recommend the most appropriate way to provision users from identity stores in business-to-employer (B2E) and business-to-consumer (B2C) scenarios.
• Given a scenario, recommend the appropriate authentication mechanism when Salesforce needs to accept third-party Identity (Enterprise Directory, Social, Community, etc.).
• Given a scenario, identify the ways to provision users in Salesforce to enable SSO and apply access rights.
• Given a scenario, identify the auditing and monitoring approaches available on the platform, and describe the tools available to diagnose Identity Provider (IdP) issues.

Salesforce as an Identity Provider: 17%

• Given a scenario, identify the most appropriate OAuth flow (Web-based, JWT, User agent, Device auth flow).
• Given a scenario, recommend appropriate Scope and Configuration of the Connected App for Authorization.
• Describe the various implementation concepts of OAuth (scopes, secrets, tokens, refresh tokens, token expiration, token revocation, etc.).
• Given a scenario, recommend the Salesforce technologies that should be used to provide identity to the third-party system (Canvas, Connected Apps, App Launcher, etc.).

Access Management Best Practices: 15%

• Given a set of requirements, determine the most appropriate methods of multi-factor authentication (MFA) to use, and the right type of session they should yield.
• Given a scenario, determine how to best assign roles, profiles, and permission sets to a user during the SSO process, how to keep these assignments up to date.
• Given a scenario, describe which tools you can apply to audit and verify the activity/user during and after login.
• Given a scenario, identify the configuration settings for a Connected App.

Salesforce Identity: 12%

• Given a set of requirements, identify the role Identity Connect plays in a Salesforce Identity implementation.
• Given a scenario, identify if Salesforce Customer 360 Identity fits into a fully-developed Customer 360 solution.
• Give a set of requirements, recommend the most appropriate Salesforce license type(s).

Community (Partner and Customer): 18%

• Describe the capabilities for customizing the user experience for Experience Cloud (Branding options, authentication options, identity verification self-registration, communications, password reset, etc.).
• Given a set of requirements, determine the best way to support external IdPs in communities and leverage the right user/contact model to support community user experience.
• Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses.
• Given a scenario, determine when to use embedded login.