Salesforce Exam Identity and Access Management Architect Topic 5 Question 27 Discussion

Actual exam question for Salesforce's Identity and Access Management Architect exam

Question #: 27
Topic #: 5

[All Identity and Access Management Architect Questions]

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

AUse SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.

BUse SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.

CUse SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.

DUse SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Show Suggested Answer

Suggested Answer: B

by Tyra at Oct 18, 2023, 11:42 PM

Limited Time Offer

25%

11 days ago

I think option B sounds like a good solution. It allows for dynamic permission management based on the user's credentials.

upvoted 0 times

...