1. Home
  2. Salesforce
  3. IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Exam Preparation

IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Exam Details

  • Exam Code
    :IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name
    :Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203)
  • Certification
    :Salesforce Certifications
  • Vendor
    :Salesforce
  • Total Questions
    :247 Q&As
  • Last Updated
    :May 27, 2026

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Questions & Answers

  • Question 201:

    Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend?

    A. JWT Bearer Token Flow
    B. Web Server Authentication Flow
    C. User Agent Flow
    D. Username and Password Flow

  • Question 202:

    A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:

    1.

    They plan to implement Partner communities to provide access to their partner network .

    2.

    They have operations in multiple countries and are planning to implement multiple Salesforce orgs.

    3.

    Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.

    4.

    They would like to provide a single login for their partners.

    How should an Identity Architect solution this requirement with limited custom development?

    A. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
    B. Consolidate Partner related information in a single org and provide access through Salesforce community.
    C. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
    D. Register partners in one org and access information from other orgs using APIs.

  • Question 203:

    The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

    A. Web server
    B. Jwt bearer token
    C. User-Agent
    D. Username-password

  • Question 204:

    Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

    A. Web Server flow
    B. JWT Bearer Token flow
    C. Username-Password flow
    D. User Agent flow

  • Question 205:

    Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

    A. Authentication Token
    B. Session ID
    C. Refresh Token
    D. Access Token

  • Question 206:

    Universal containers wants salesforce inbound Oauth-enabled integration clients to use SAML-BASED single Sign-on for authentication. What Oauth flow would be recommended in this scenario?

    A. User-Agent Oauth flow
    B. SAML assertion Oauth flow
    C. User-Token Oauth flow
    D. Web server Oauth flow

  • Question 207:

    Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?

    A. Add each connected App to the App Launcher with a Start URL.
    B. Set up an Auth Provider for each External Application.
    C. Set up Salesforce as a SAML Idp with My Domain.
    D. Set up Identity Connect to Synchronize user data.
    E. Create a Connected App for each external application.

  • Question 208:

    Containers (UC) has an existing Customer Community. UC wants to expand the self- registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

    A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
    B. Create separate login flows corresponding to the different community user personas.
    C. Modify the Community pages to utilize specific fields on the User and Contact records.
    D. Modify the existing Communities registration controller to assign different profiles.

  • Question 209:

    Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

    A. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.
    B. Create an apex scheduled job in one org that will synchronize the other orgs profile.
    C. Implement Delegated Authentication that will update the user profiles as necessary.
    D. Implement an Oauthjwt flow to pass the profile credentials between systems.

  • Question 210:

    Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to login to Salesforce with their third-party portal credentials for a seamless expenence. The third- party employee portal only supports OAuth.

    What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?

    A. Configure SSO to use the third party portal as an identity provider.
    B. Create a custom external authentication provider.
    C. Add the third-party portal as a connected app.
    D. Configure Salesforce for Delegated Authentication.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Salesforce exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT exam preparations and Salesforce certification application, do not hesitate to visit our Vcedump.com to find your solutions here.