Salesforce Exam Identity and Access Management Architect Topic 2 Question 56 Discussion

Actual exam question for Salesforce's Identity and Access Management Architect exam

Question #: 56
Topic #: 2

[All Identity and Access Management Architect Questions]

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.

What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

AEnsure that there is an HTTPS connection between IDP and SP.

BEnsure that on the SSO settings page, the 'Request Signing Certificate' field has a self-signed certificate.

CEnsure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

DEncrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.

Show Suggested Answer

Suggested Answer: D

by Sherita at Jan 10, 2025, 07:54 AM

Limited Time Offer

25%

Off

Get Premium Identity and Access Management Architect Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Susy

3 days ago

I'm not sure about option B. Using a self-signed certificate may not provide enough security. I think option D, encrypting the SAML request using a CA signed certificate, would be a better choice.

upvoted 0 times

...

Cassandra

7 days ago

I agree with Donte. Option A ensures that the data is transmitted securely, which is crucial for maintaining trust between the SP and IdP.

upvoted 0 times

...

Donte

8 days ago

I think option A is the best choice. It's important to have a secure connection between the IDP and SP.

upvoted 0 times

...