Salesforce Certified Identity and Access Management Designer — Question 27

Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.
What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?

Answer options

• A. Implement JIT provisioning on the SAML IdP that will pass the ProfileID in each assertion.
• B. Implement Delegated Authentication that will update the user profiles as necessary.
• C. Create an Apex scheduled job in one org that will synchronize the other org's profiles.
• D. Implement an OAuth JWT flow to pass the profile credentials between systems.

Correct answer: A

Explanation

The correct answer is A because implementing JIT provisioning allows for real-time user profile management by passing the ProfileID in SAML assertions, which centralizes user profile control. Option B, while it updates profiles, does not centralize management. Option C requires manual synchronization, making it less efficient, and Option D focuses on credential transfer rather than profile management.