Salesforce Exam Identity and Access Management Architect Topic 5 Question 29 Discussion

Actual exam question for Salesforce's Identity and Access Management Architect exam

Question #: 29
Topic #: 5

[All Identity and Access Management Architect Questions]

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

ACreate a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

BConfigure an authentication provider to delegate authentication to the LDAP directory.

Cuse a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

DSetup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Show Suggested Answer

Suggested Answer: B

by France at Dec 09, 2023, 10:18 AM

Limited Time Offer

25%

Off

Get Premium Identity and Access Management Architect Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!