Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 3 Question 64 Discussion

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?
C) Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
A) Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
B) Build an integration that queries LDAP periodically and creates new active users in Salesforce.
D) Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 3 Question 64 Discussion

Actual exam question for Salesforce's Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) exam
Question #: 64
Topic #: 3
[All Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions]

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Vilma at Jul 05, 2025, 01:28 AM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Theresia
5 months ago
I like C too, it’s all about that seamless experience!
upvoted 0 times
...
Alpha
6 months ago
I disagree, A could be more efficient for user provisioning.
upvoted 0 times
...
Laurel
6 months ago
Option C seems like the best choice for immediate access!
upvoted 0 times
...
Josephine
6 months ago
Wait, does Just-in-Time provisioning really work that smoothly?
upvoted 0 times
...
Noah
6 months ago
B sounds like a lot of extra work for something that could be automated.
upvoted 0 times
...
Alline
6 months ago
I recall a practice question about login flows, but I'm not clear if creating inactive users is the best approach for immediate access.
upvoted 0 times
...
Dominque
7 months ago
I feel like the integration that queries LDAP periodically might not be fast enough for new hires.
upvoted 0 times
...
Merlyn
7 months ago
I’m not entirely sure, but I think using Salesforce Identity Connect could help with automatic provisioning too, right?
upvoted 0 times
...
Hildred
7 months ago
I remember studying about Just-in-Time provisioning, and it seems like it would be the best fit for immediate access.
upvoted 0 times
...
Pamella
7 months ago
I've dealt with similar identity integration challenges before. I think option A or C would be the most efficient way to handle this.
upvoted 0 times
...
Myra
7 months ago
I'm not too familiar with SAML and LDAP, so I'll need to review those concepts before deciding on the best solution.
upvoted 0 times
...
Ashley
8 months ago
Okay, let's see. The key is to minimize Salesforce license usage, so I'm thinking option C might be the best approach here.
upvoted 0 times
...
Jaime
8 months ago
Hmm, I'm a bit confused about the different identity and provisioning options here. I'll need to think this through carefully.
upvoted 0 times
...
Alpha
8 months ago
This looks like a straightforward identity and access management question. I think I can handle this one.
upvoted 0 times
...
Veta
10 months ago
Haha, I wonder if the new employees will get a 'Just-in-Time' welcome message from Salesforce. 'Welcome aboard, you're hired!'
upvoted 0 times
...
Lonna
11 months ago
I agree, C is the best option. It creates new Salesforce users on-the-fly, which is perfect for minimizing license usage.
upvoted 0 times
Annmarie
10 months ago
I agree, C is the best option. It creates new Salesforce users on-the-fly, which is perfect for minimizing license usage.
upvoted 0 times
...
Lourdes
10 months ago
C) Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login.
upvoted 0 times
...
...
Marylou
11 months ago
I think option D could work too, it provides a way to activate users at first login.
upvoted 0 times
...
Gail
11 months ago
I'm not sure, option C also seems like a viable option to me.
upvoted 0 times
...
Myra
11 months ago
Option C seems like the way to go. Automating user provisioning using SAML attributes is the most efficient approach here.
upvoted 0 times
Olene
10 months ago
C) Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login.
upvoted 0 times
...
Ruth
10 months ago
A) Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
upvoted 0 times
...
Tish
10 months ago
C) Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login.
upvoted 0 times
...
...
Ira
11 months ago
I agree with Anika, Salesforce Identity Connect sounds like the most efficient solution.
upvoted 0 times
...
Anika
11 months ago
I think option A is the best choice.
upvoted 0 times
...

Save Cancel