🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
Identity-and-Access-Management-Architect
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
Identity-and-Access-Management-Architect Salesforce Coming Soon

IAM Architect (Identity-and-Access-Management-Architect)

The certification validates an architect’s ability to design, implement, and secure Salesforce identity solutions, covering SSO, OAuth, provisioning, MFA, and custom login flows for enterprise environments.

120
Minutes
60
Questions
60/100
Passing Score
$400
Exam Cost

Who Should Take This

It is intended for senior security engineers, solution architects, and IAM leads who have several years of experience designing authentication and authorization frameworks. These professionals seek to formalize expertise in Salesforce’s identity platform, guide large‑scale implementations, and ensure compliance with enterprise security policies.

What's Covered

1 Domain 1: Single Sign-On Architecture
2 Domain 2: OAuth 2.0 and Connected Apps
3 Domain 3: User Provisioning
4 Domain 4: Multi-Factor Authentication
5 Domain 5: Login Flow Customization
6 Domain 6: Identity Governance
7 Domain 7: Multi-Org Identity

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

65 learning goals
1 Domain 1: Single Sign-On Architecture
2 topics

SAML 2.0

  • Implement SAML 2.0 configurations with Identity Provider metadata, assertion attributes, and service provider settings for federated SSO
  • Analyze SAML assertion flows evaluating IdP-initiated versus SP-initiated authentication, deep linking, and relay state management patterns
  • Design multi-IdP SAML architectures with identity provider discovery, assertion attribute mapping, and failover configurations for enterprise SSO
  • Examine saml 2.0 configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

OpenID Connect

  • Implement OpenID Connect authentication flows with authorization code grants, PKCE, and token validation for modern identity integration
  • Analyze OpenID Connect provider configurations evaluating discovery endpoints, scope management, and claims mapping for identity federation
  • Design OpenID Connect architectures combining multiple relying parties, custom scopes, and consent management for enterprise identity platforms
  • Design openid connect configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
2 Domain 2: OAuth 2.0 and Connected Apps
2 topics

OAuth Flows

  • Implement OAuth 2.0 authorization flows including authorization code, client credentials, and device code grants for API authentication
  • Analyze OAuth 2.0 security considerations evaluating token storage, refresh token rotation, and scope limitation for secure API access
  • Design OAuth 2.0 architectures with token exchange, dynamic client registration, and cross-org authorization for enterprise integrations
  • Configure oauth flows configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

Connected App Management

  • Implement Connected App configurations with OAuth policies, IP restrictions, and session management for controlled third-party access
  • Design Connected App governance frameworks with approval workflows, policy enforcement, and usage monitoring for enterprise application management
  • Analyze Connected App security evaluating token lifetime policies, scope restrictions, and revocation mechanisms for access control optimization
  • Compare connected app management configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Apply connected app management configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
3 Domain 3: User Provisioning
2 topics

SCIM Provisioning

  • Implement SCIM user provisioning with attribute mapping, group management, and deprovisioning workflows for automated user lifecycle management
  • Design SCIM provisioning architectures with identity provider integration, conflict resolution, and error handling for enterprise user management
  • Analyze SCIM provisioning effectiveness evaluating sync latency, attribute accuracy, and deprovisioning completeness for identity governance compliance
  • Optimize scim provisioning configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Optimize scim provisioning configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

Just-in-Time Provisioning

  • Implement Just-in-Time user provisioning with SAML assertions, attribute-based profile assignment, and role mapping for on-demand user creation
  • Design JIT provisioning strategies combining standard and custom attribute handling with existing user matching for seamless identity integration
  • Analyze JIT provisioning trade-offs evaluating user experience impact, attribute freshness, and error handling compared to pre-provisioning approaches
  • Apply just-in-time provisioning configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Compare just-in-time provisioning configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
4 Domain 4: Multi-Factor Authentication
2 topics

MFA Implementation

  • Implement multi-factor authentication configurations with verification methods, trusted device management, and recovery mechanisms for security hardening
  • Analyze MFA adoption patterns evaluating user friction, bypass policies, and authentication method effectiveness for security posture improvement
  • Design MFA architectures combining Salesforce Authenticator, hardware tokens, and biometric methods for enterprise-grade authentication security
  • Analyze mfa implementation configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Configure mfa implementation configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

Session Management

  • Implement session security configurations including timeout policies, concurrent session limits, and IP-based access restrictions for session governance
  • Design session management architectures with risk-based authentication, step-up verification, and continuous session validation for adaptive security
  • Analyze session security effectiveness evaluating session hijacking prevention, token management, and logout behavior for vulnerability mitigation
  • Architect session management configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Design session management configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
5 Domain 5: Login Flow Customization
2 topics

Custom Login Flows

  • Implement custom login flows using Flow Builder with identity verification steps, terms acceptance, and conditional routing for authentication journeys
  • Design login flow architectures combining branded login pages, social authentication providers, and progressive profiling for user experience optimization
  • Analyze login flow performance evaluating authentication latency, error rates, and user abandonment patterns for conversion rate optimization
  • Deploy custom login flows configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Examine custom login flows configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

Social Authentication

  • Implement social sign-on configurations with Facebook, Google, Apple, and custom authentication providers for consumer-facing identity integration
  • Design social authentication architectures with account linking, profile merging, and consent management for multi-provider identity consolidation
  • Implement social authentication configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Create social authentication configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
6 Domain 6: Identity Governance
2 topics

Permission Management

  • Implement permission management architectures using permission sets, permission set groups, and custom permissions for scalable access control
  • Analyze permission architecture complexity evaluating grant overlap, effective permissions, and administrative overhead for governance simplification
  • Design delegated administration models with custom admin profiles, restricted access grants, and approval workflows for distributed identity management
  • Assess permission management configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Create permission management configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

Audit and Compliance

  • Implement identity audit configurations tracking login history, authentication events, and permission changes for compliance evidence collection
  • Design identity compliance frameworks with periodic access reviews, certification campaigns, and remediation workflows for regulatory requirements
  • Analyze identity risk assessments evaluating over-privileged accounts, orphaned permissions, and service account management for security posture evaluation
  • Plan audit compliance configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Recommend audit compliance configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
7 Domain 7: Multi-Org Identity
2 topics

Cross-Org Authentication

  • Implement cross-org SSO architectures with hub-and-spoke Identity Provider configurations and trust relationship management for multi-org enterprises
  • Design multi-org identity strategies with centralized identity stores, federated authentication, and unified permission models across Salesforce orgs
  • Analyze multi-org identity challenges evaluating identity synchronization, permission drift, and user experience consistency across org boundaries
  • Implement cross-org authentication configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Evaluate cross-org authentication configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

External Identity

  • Implement external identity configurations with Experience Cloud authentication, self-registration, and password policies for customer and partner portals
  • Design external identity architectures combining community licenses, external identity licenses, and headless authentication for cost-optimized access
  • Evaluate external identity configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies
  • Recommend external identity configurations including platform-specific optimization patterns, enterprise deployment considerations, and production monitoring strategies

Scope

Included Topics

  • Single sign-on architecture using SAML 2.0, OpenID Connect, and OAuth 2.0 for federated authentication.
  • User provisioning with SCIM, Just-in-Time provisioning, and Connected App management.
  • Multi-factor authentication, session management, and login flow customization.
  • Identity governance with delegated administration, permission management, and audit trails.

Not Covered

  • Apex development and Lightning Web Component programming.
  • Data architecture and large data volume management.
  • Marketing Cloud and Commerce Cloud identity configuration.

Official Exam Page

Learn more at Salesforce

Visit

Identity-and-Access-Management-Architect is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified

Trademark Notice

Salesforce® and all related certification marks are registered trademarks of salesforce.com, inc. Salesforce does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.