Salesforce Certified Identity and Access Management Designer — Question 22
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app.
Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? (Choose two.)
Answer options
- A. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
- B. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
- C. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
- D. Utilize the Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
Correct answer: B, D
Explanation
Option B is correct because the SAML Single Sign-on flow provides robust authentication against UC's IdP, ensuring secure access. Option D is also correct because the Canvas OAuth flow gives the third-party app a secure way to authenticate with Salesforce. Options A and C are not appropriate because they do not involve the secure authentication methods this scenario requires.