The Salesforce Certified Identity and Access Management credential is designed for identity professionals who want to demonstrate their knowledge, skills, and capabilities at assessing identity architecture; designing secure, high-performance access management solutions on the Customer 360 platform; and communicating technical solutions effectively to business and technical stakeholders.
To pass the exam, an identity professional should be able to do the following:
- Design an identity architecture that may span multiple platforms and include integration and authentication across systems.
- Articulate system design considerations, benefits, and recommendations for identity architecture.
- Apply general identity and access management best practices to Salesforce implementations.
Prerequisites
A Salesforce Certified Identity and Access Management Architect assesses the environment and requirements to design secure and scalable identity management solutions on the Customer 360 platform. The architect has experience designing and implementing complex identity and access management strategies, as well as communicating the solution and design trade-offs to business and technical stakeholders alike.
The Salesforce Certified Identity and Access Management Architect has the following background:
- 1+ years of experience designing and implementing Identity and Access Management solutions on the Salesforce Customer 360 platform
- 2+ years of identity and/or security technology experience
Typical job roles may include:
- Enterprise Architect
- Technical Architect
- Security Architect
- Integration Architect
- Identity Architect
- Solution Architect
The Salesforce Certified Identity and Access Management Architect candidate has the experience, skills, knowledge, and ability to:
- Understand the difference between federated and delegated single sign-on (SSO).
- Gather requirements and configure delegated authentication in Salesforce.
- Gather requirements and configure SAML in Salesforce.
- Know the difference between Identity Provider (IdP) Initiated SAML and Service Provider (SP) Initiated SAML and when to use each.
- Know how trust is established between an IdP and an SP.
- Determine the general identity federation capabilities available for a given project.
- Explain high-level concepts and flows of OAuth, SAML, and OpenID Connect.
- Explain social sign-on in the context of Salesforce.
- Explain authentication mechanisms for Communities.
- Identify the cause and resolve common failure conditions for SSO in Salesforce.
- Explain why a solid SSO strategy is important for enterprise security.
- Know why two-factor authentication (2FA) is important and strategies for implementing it in Salesforce.
- Explain the use of login flows.
- Determine the applicable use cases for Identity Connect.
- Determine appropriate user lifecycle management techniques (automated user provisioning, just-in-time provisioning, manual account creation, etc.) for a given project.
Recommended training for this certification
The self-study materials recommended for this exam include:
- Trailmix: Architect Journey: Identity and Access Management
Exams
All proctored Salesforce certification exams can be scheduled as an onsite or online exam.
Quick facts about the exam:
- Content: 60 multiple-choice/multiple-select questions and up to five non-scored questions
- Time allotted to complete the exam: 120 minutes
- Passing score: 67%
- Version: Exam questions align to the Summer '23 release
- Registration fee: US$400, plus applicable taxes as required per local law
- Retake fee: $200, plus applicable taxes as required per local law
- Delivery options: Proctored exam delivered onsite at a testing center or in an online proctored environment
- References: No hard-copy or online materials may be referenced during the exam.
- Prerequisite: None