Salesforce Certified Identity and Access Management Designer — Question 14

Universal Containers (UC) uses a legacy Employee portal for employees to collaborate and post ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through API. UC decides to use an API user using OAuth Username-Password flow for the connection.
How can the connection to Salesforce be restricted only to the Employee portal server?

Answer options

• A. Add the Employee portal's IP address to the Login IP range on the user profile.
• B. Use a dedicated profile for the user the Employee portal uses.
• C. Use a digital certificate signed by the Employee portal server.
• D. Add the Employee portal's IP address to the Trusted IP range for the Connected App.

Correct answer: D

Explanation

The correct answer is D because adding the Employee portal's IP address to the Trusted IP range for the Connected App grants access to only that specific server, ensuring a secure connection. Option A, while it restricts login based on IP, does not apply to API access. Option B does not address IP restriction, and option C, while secure, does not effectively limit access to the specific server.