Universal Containers (UC) is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.

Which two page types are valid login page types for the site?

Choose 2 answers

A. Experience Builder Page

B. lightning Experience Page

C. Login Discovery Page

D. Embedded Login Page

Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information. What is the potential impact to the architecture if NTO decides to implement this feature?

A. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.

B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.

C. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.

D. Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.

Northern Trail Outfitters (NTO) employees use a custom on-premise helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users. How should NTO provision Salesforce users as soon as they are approved in the helpdesk application with the approved profiles and permission sets?

A. Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.

B. Use a login flow to query the helpdesk to validate user status.

C. Have the helpdesk initiate an IdP-initiated Just-m-Time provisioning Security Assertion Markup Language flow.

D. Use Salesforce Connect to integrate with the helpdesk application.

Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC's middleware authenticate to Salesforce while adhering to this requirement?

A. Create a Connected App that supports the JWT Bearer Token OAuth Flow.

B. Create a Connected App that supports the Refresh Token OAuth Flow

C. Create a Connected App that supports the Web Server OAuth Flow.

D. Create a Connected App that supports the User-Agent OAuth Flow.

Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.

What should an identity architect use to show which part of the login assertion is fading?

A. SAML Metadata file importer

B. Identity Provider Metadata download

C. Connected App Manager

D. Security Assertion Markup Language Validator

An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.

Which two licenses are needed to meet this requirement?

Choose 2 answers

A. External Identity Licenses

B. Identity Connect Licenses

C. Email Verification Credits

D. SMS verification Credits

Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML. What rote does Salesforce Identity play in its relationship with the enterprise SSO system?

A. Identity Provider (IdP)

B. Resource Server

C. Service Provider (SP)

D. Client Application

Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts.

How can the Architect meet these requirements?

A. Create a custom application on Heroku that manages the sign-on process from Facebook.

B. Use JIT Provisioning to automatically create the account in the accounting system.

C. Add an Apex callout in the registration handler of the authorization provider.

D. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.

Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.

What should an identity architect do to fulfill this requirement?

A. Contact Salesforce Support and enable delegate single sign-on.

B. Create a custom external authentication provider.

C. Use certificate-based authentication.

D. Configure OpenID Connect authentication provider.

An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API.

One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security.

Which OAuth flow should be used to fulfill the requirement?

A. JWT Bearer Flow

B. Web Server Flow

C. User Agent Flow

D. Username-Password Flow