Salesforce-Platform-Identity-and-Access-Management-Architect Practice Test
Salesforce Spring 25 Release 255 Questions
Northern Trail Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
What should an identity architect do to fulfill the above requirements?
A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
C. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
D. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/expid_value.
D. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/expid_value.
Explanation:
OAuth 2.0 is an open standard for authorization that allows a third-party application to obtain limited access to a protected resource on behalf of a user. To authorize a third-party service using OAuth 2.0 with the Salesforce Experience Cloud site, the identity architect should take the following steps:
Create a connected app for the third-party service in Salesforce. A connected app is an application that integrates with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. To create a connected app, you need to provide the basic information, such as the app name, logo URL, contact email, and API name. You also need to enable OAuth and configure the OAuth settings, such as the callback URL, the scopes, and the policies.
Authorize the third-party service by sending authorization requests to the community-url/services/oauth2/authorize/expid_value. This is a special endpoint that allows you to specify an experience ID (expid) as a query parameter in the authorization request. The experience ID is a unique identifier for each experience (community or site) in Salesforce. By using this endpoint, you can dynamically render the login page images based on the user’s brand preference selected in the third-party service before authorization.
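An added example (not from the original page or from Salesforce) of how the Heroku app could build the authorization request described above, with the selected brand's expid appended to the authorize path. The site URL, client ID, callback URL, function name and brand-to-expid mapping are assumed placeholders. The brand chosen by the user is checked against an allow-list before it reaches the URL, and a random `state` value is returned for the callback to verify.

```python
import secrets
from urllib.parse import quote, urlencode

# Assumed mapping from the brand picked in the Heroku app to the expid value
# that the Experience Cloud login page uses to choose its images.
BRAND_EXPID = {
    "shoes": "nto_shoes",    # Northern Trail Shoes (constructed value)
    "shirts": "nto_shirts",  # Northern Trail Shirts (constructed value)
}


def build_authorize_url(community_url, client_id, redirect_uri, brand):
    """Return (url, state) for an OAuth 2.0 authorization-code request.

    The expid is taken from a server-side allow-list, never copied from
    user input, so a crafted brand value cannot alter the request path.
    """
    try:
        expid = BRAND_EXPID[brand]
    except KeyError:
        raise ValueError("unknown brand: %r" % (brand,)) from None

    # Unpredictable state, stored in the user's session by the caller and
    # compared on the callback to reject forged authorization responses.
    state = secrets.token_urlsafe(32)

    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    # community-url/services/oauth2/authorize/expid_value
    path = "/services/oauth2/authorize/" + quote(expid, safe="")
    return community_url.rstrip("/") + path + "?" + query, state


if __name__ == "__main__":
    url, state = build_authorize_url(
        "https://community.example.com",        # placeholder site URL
        "PLACEHOLDER_CLIENT_ID",                # connected app consumer key
        "https://app.example.com/oauth/callback",
        "shoes",
    )
    print(url)
```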