Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 3 Question 64 Discussion

Actual exam question for Salesforce's Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) exam

Question #: 64
Topic #: 3

[All Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions]

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

AInstall Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.

BBuild an integration that queries LDAP periodically and creates new active users in Salesforce.

CConfigure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.

DBuild an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

Show Suggested Answer

Suggested Answer: C

by Vilma at Jul 05, 2025, 01:28 AM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Theresia

2 months ago

I like C too, it’s all about that seamless experience!

upvoted 0 times

...

Alpha

2 months ago

I disagree, A could be more efficient for user provisioning.

upvoted 0 times

...

Laurel

3 months ago

Option C seems like the best choice for immediate access!

upvoted 0 times

...

Josephine

3 months ago

Wait, does Just-in-Time provisioning really work that smoothly?

upvoted 0 times

...

Noah

3 months ago

B sounds like a lot of extra work for something that could be automated.

upvoted 0 times

...

Alline

3 months ago

I recall a practice question about login flows, but I'm not clear if creating inactive users is the best approach for immediate access.

upvoted 0 times

...

Dominque

3 months ago

I feel like the integration that queries LDAP periodically might not be fast enough for new hires.

upvoted 0 times

...

Merlyn

4 months ago

I’m not entirely sure, but I think using Salesforce Identity Connect could help with automatic provisioning too, right?

upvoted 0 times

...

Hildred

4 months ago

I remember studying about Just-in-Time provisioning, and it seems like it would be the best fit for immediate access.

upvoted 0 times

...

Pamella

4 months ago

I've dealt with similar identity integration challenges before. I think option A or C would be the most efficient way to handle this.

upvoted 0 times

...

Myra

4 months ago

I'm not too familiar with SAML and LDAP, so I'll need to review those concepts before deciding on the best solution.

upvoted 0 times

...

Ashley

4 months ago

Okay, let's see. The key is to minimize Salesforce license usage, so I'm thinking option C might be the best approach here.

upvoted 0 times

...

Jaime

5 months ago

Hmm, I'm a bit confused about the different identity and provisioning options here. I'll need to think this through carefully.

upvoted 0 times

...

Alpha

5 months ago

This looks like a straightforward identity and access management question. I think I can handle this one.

upvoted 0 times

...

Veta

6 months ago

Haha, I wonder if the new employees will get a 'Just-in-Time' welcome message from Salesforce. 'Welcome aboard, you're hired!'

upvoted 0 times

...

Lonna

7 months ago

I agree, C is the best option. It creates new Salesforce users on-the-fly, which is perfect for minimizing license usage.

upvoted 0 times

Annmarie

7 months ago

I agree, C is the best option. It creates new Salesforce users on-the-fly, which is perfect for minimizing license usage.

upvoted 0 times

...

Lourdes

7 months ago

C) Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login.

upvoted 0 times

...

Marylou

8 months ago

I think option D could work too, it provides a way to activate users at first login.

upvoted 0 times

...

Gail

8 months ago

I'm not sure, option C also seems like a viable option to me.

upvoted 0 times

...

Myra

8 months ago

Option C seems like the way to go. Automating user provisioning using SAML attributes is the most efficient approach here.

upvoted 0 times

Olene

7 months ago

C) Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login.

upvoted 0 times

...

Ruth

7 months ago

A) Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.

upvoted 0 times

...

Tish

7 months ago

C) Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login.

upvoted 0 times

...

Ira

8 months ago

I agree with Anika, Salesforce Identity Connect sounds like the most efficient solution.

upvoted 0 times

...

Anika

8 months ago

I think option A is the best choice.

upvoted 0 times

...